8.4 Using the Rule Wizard to Create Rules

Click Wizard > Rule Wizard to start the Rule wizard.

On the select rule type window, select the appropriate rule type, and then click Next. For more information, see the description of rule type or Section 8.7, Understanding Rules and Actions.

On the Rule Description window, provide a name for the rule, and then click Next.

On the Rule Name window, provide a descriptive name for the rule, and then click Next.

If you are using the Log_file_shrunk or modified_file rule, select either Names or Paths, and then click Next. Selecting Name causes the event detection and alerting daemon to monitor all files with a certain name. Selecting Paths causes the event detection and alerting daemon to monitor a specific file.

On the Name of File window, specify the name of the object you want to monitor and click Next. The name depends on the rule type selected, which might be a daemon executable, a command, a file name, or a fully-qualified path. For example, if you selected Paths while creating a modified_file rule, specify the full path, including the file name you want to monitor.

Provide the appropriate information for the action you want the rule to trigger in response to an event, and then click Next. All fields are optional. You do not need to select an action to create a rule. For more information, see Section 8.7, Understanding Rules and Actions

Review the information provided about the rule group associated with your rule, and then click Next.

Complete the Rule wizard. The Rule wizard displays only the windows relevant to the event source you associated with the new rule. If the new rule is in a rule group that uses configurable event sources, the remaining windows offer you the ability to modify the configurable parameters. Read the descriptions provided and, if necessary, modify parameters. If you are unsure, retain the current value.

When you have completed the Rule wizard, click Finish.