When event sources are auto-created without a time zone, it is recommended that an administrator receives a notification so that a time zone can be manually assigned to the event sources, if necessary.
By default, Sentinel Log Manager is installed with a rule that sends an e-mail message when an event source is auto-created without a timezone. The rule is called Event Source Created With Unspecified Timezone.
This rule is triggered by the following conditions:
EventName = CreateEventSource AND
Message match regex .*EMPTYTZ$
The Event Name is CreateEventSource. The Event Message indicates the name and universally unique identifier (UUID) of the newly created event source. If a new event source group or a new Collector is also created, their respective names and UUIDs are also indicated in the message. The message also indicates if any timezone was assigned to the event source when it was created. If the event source was created without a time zone, it shows the text EMPTYTZ at the end of the message.
When the defined conditions are met, an e-mail is sent to the configured e-mail address. The Event Source Created With Unspecified Timezone is already preconfigured to perform the Send E-Mail action.To send an e-mail, the rule must be activated, and the e-mail notification settings foraction must be configured as follows:
Log in to the Sentinel Log Manager as an administrator.
Thetab is displayed on the right pane of the page.
The Event Source Created With Unspecified Timezone rule is displayed under thetab.
To activate the Event Source Created With Unspecified Timezone rule, select the check box next to the rule.
If the rule is activated a Successfully activated the rule message is displayed.
To modify the Send an email action to send an email for event sources created with unspecified time zone, click.
Select the Send an Email action.
Specify the values for each field. For more information, see Section 9.2.4, Sending the Events by an E-Mail.