H3C Technologies H3C SecCenter UTM Manager User Manual
Page 183
175
Item Description
Description
Required
Type the description for the custom event.
The string can comprise up to 40 characters.
Level
Required
Select a severity level for the custom event, which can be critical, major, minor, or
warning.
Event Rules
Required
Set rules for the custom event. For more information, see
.
Complete Definition of Rule shows the entire content of the rules that have been defined.
Association
Interval
Required when you have defined multiple rules.
If all rules of a policy are matched during the interval, the policy is matched.
The setting is not effective for a policy that contains only one rule.
Trigger Alarm
Optional
Selecting the check box to send an alarm when the policy is matched. Two methods are
available:
•
When Alarm by Email is selected, the email address and alert time are required.
•
When Alarm by Sound is selected, the alert time setting is not needed.
Status
Required
Set whether to enable or disable the custom event.
5.
Add an event rule.
a.
On the page for adding a custom event shown in
, click the icon next to the Event
Rule text box to enter the page for configuring filters.
b.
Configure the threshold, source device from which the log data is sent, source IP address of
events, destination IP address of events, source port of events, destination port of events,
protocol, attack event, and attack event name.
describes event rule configuration
items.
c.
Click OK. An event rule is created and displayed in the Event Rule text box.
d.
Click Add to add the rule to the Event Rules list box.