11.5 Understanding Event Sources

Event sources extract a particular type or class of events from one of the following providers:

  • Operating system

  • Processes

  • Server

  • Application

Typically, event sources extract the required information by parsing and filtering log entries. Once a log entry has been extracted, it is considered an event. Every event consists of output parameters (the named values parsed out of the entry) that the event detection and alerting process can evaluate.

When an event source detects an event and assigns output parameter values, the event detection and alerting process uses the values to trigger the appropriate rule response in the associated rule group.

You can use a single event source for multiple rule groups, but configure each event source to monitor unique log files. Giving multiple rule groups separate event sources that are configured identically (same log files, same parameters) is undesirable, because it duplicates the monitoring, parsing, and output parameter generation across those instances of the event source. To specify the event source of a rule group, edit the properties of that rule group.
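As an added illustration, not code from the original page or from the product it documents, the following Python sketch models the pipeline described above: an event source parses and filters log entries into events whose output parameters are the parsed fields, and two rule groups share that single event source instance so the log is parsed once. The sample log lines, the sshd parse pattern, the 10.0.0.0/8 filter, and all source, group, and rule names are assumptions made for the example.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import Any, Callable, Dict, List

Event = Dict[str, Any]  # an event is just its output parameters

# Constructed sample log (hypothetical auth log, not from the original page).
SAMPLE_LOG = """\
Mar 12 10:01:02 host1 sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 51122 ssh2
Mar 12 10:01:03 host1 sshd[1201]: Failed password for root from 203.0.113.7 port 51123 ssh2
Mar 12 10:01:09 host1 sshd[1204]: Accepted publickey for alice from 198.51.100.3 port 40022 ssh2
Mar 12 10:01:10 host1 CRON[1300]: (root) CMD (run-parts /etc/cron.hourly)
Mar 12 10:01:15 host1 sshd[1210]: Failed password for root from 203.0.113.7 port 51130 ssh2
Mar 12 10:01:20 host1 sshd[1215]: Accepted publickey for bob from 10.0.0.5 port 40100 ssh2
"""

# Assumed parse pattern for OpenSSH authentication lines; the named groups
# become the event's output parameters.
SSH_AUTH_PATTERN = re.compile(
    r"sshd\[(?P<pid>\d+)\]: (?P<result>Failed|Accepted) (?P<method>\w+) for "
    r"(?P<invalid>invalid user )?(?P<user>\S+) from (?P<src_ip>\S+) port (?P<src_port>\d+)"
)

# Assumed management network whose logins this event source filters out.
MGMT_NET = ipaddress.ip_network("10.0.0.0/8")


@dataclass(eq=False)
class EventSource:
    """Parses and filters log entries; each surviving entry is an event."""
    name: str
    pattern: re.Pattern
    keep: Callable[[Event], bool] = lambda event: True
    parse_count: int = 0  # how many times this instance parsed its log

    def extract(self, lines: List[str]) -> List[Event]:
        self.parse_count += 1
        events = []
        for line in lines:
            match = self.pattern.search(line)
            if match is None:
                continue  # not an entry this source understands
            event = match.groupdict()
            event["invalid_user"] = event.pop("invalid") is not None
            event["source"] = self.name
            if self.keep(event):
                events.append(event)
        return events


@dataclass
class Rule:
    name: str
    condition: Callable[[Event], bool]  # evaluated against output parameters
    response: Callable[[Event], str]    # the rule response when it matches


@dataclass
class RuleGroup:
    name: str
    event_source: EventSource
    rules: List[Rule]

    def evaluate(self, events: List[Event]) -> List[str]:
        return [rule.response(ev) for ev in events for rule in self.rules if rule.condition(ev)]


def run(log_text: str, rule_groups: List[RuleGroup]) -> Dict[str, List[str]]:
    """Parse each distinct event source once, then feed its events to every
    rule group that uses it, so shared sources do not duplicate parsing."""
    lines = log_text.splitlines()
    events_by_source: Dict[int, List[Event]] = {}
    responses: Dict[str, List[str]] = {}
    for group in rule_groups:
        key = id(group.event_source)
        if key not in events_by_source:
            events_by_source[key] = group.event_source.extract(lines)
        responses[group.name] = group.evaluate(events_by_source[key])
    return responses


def build_rule_groups() -> List[RuleGroup]:
    """Two rule groups sharing one event source instance (assumed names)."""
    ssh_auth = EventSource(
        name="ssh_auth",
        pattern=SSH_AUTH_PATTERN,
        keep=lambda ev: ipaddress.ip_address(ev["src_ip"]) not in MGMT_NET,
    )
    brute_force = RuleGroup("brute_force", ssh_auth, [
        Rule("failed_root",
             lambda ev: ev["result"] == "Failed" and ev["user"] == "root",
             lambda ev: f"ALERT: failed {ev['method']} login for root from {ev['src_ip']}"),
        Rule("invalid_user",
             lambda ev: ev["invalid_user"],
             lambda ev: f"ALERT: login attempt for invalid user {ev['user']} from {ev['src_ip']}"),
    ])
    access_audit = RuleGroup("access_audit", ssh_auth, [
        Rule("accepted_login",
             lambda ev: ev["result"] == "Accepted",
             lambda ev: f"AUDIT: accepted {ev['method']} login for {ev['user']} from {ev['src_ip']}"),
    ])
    return [brute_force, access_audit]


if __name__ == "__main__":
    for group_name, group_responses in run(SAMPLE_LOG, build_rule_groups()).items():
        print(group_name)
        for response in group_responses:
            print("  " + response)
```

The CRON line never becomes an event because the parser does not recognise it, and the login from 10.0.0.5 is dropped by the source's filter, so only events with a full set of output parameters reach the rule groups. Because both groups point at the same `EventSource` object, `run` parses the log once; two separately configured but identical sources would parse it twice, which is the duplication the text warns against.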

To add an event source to a rule set, right-click Rule Set > Add Event Source in the Edit Rules window.