Search for	Example	Results
A single word	`cat`	Topics that contain the word "cat". You will also find its grammatical variations, such as "cats".
A phrase. You can specify that the search results contain a specific phrase.	`"cat food"` (quotation marks)	Topics that contain the literal phrase "cat food" and all its grammatical variations. Without the quotation marks, the query is equivalent to specifying an OR operator, which finds topics with one of the individual words instead of the phrase.

Search for	Operator	Example
Two or more words in the same topic	`AND` `and` `+` (plus symbol) `&` (ampersand)	`cat AND dog` `"cat food"+milk` `"cat food"&"dog food"`
Either word in a topic	`OR` `or` `\|` (pipe)	`cat OR dog` `cat \| dog`
Topics that do not contain a specific word or phrase	`NOT` `not` `!` (exclamation point)	`NOT cat` `! dog`
Topics that contain one string and do not contain another	`^` (caret)	`cat ^ mouse`
A combination of search types	`( )` parentheses	`cat + (dog \| mouse)` `cat \| dog + (! mouse)`

Network Node Manager i Software10.30

Administer > Configure Incidents > Configure Syslog Message Incidents (ArcSight) > Syslog Message Configuration Form (ArcSight)

Syslog Message Configuration Form (ArcSight)

To configure incidents originating from syslog messages:

Navigate to the Syslog Message Configuration form:
1. From the workspace navigation pane, select the Configuration workspace.
2. Expand the Incidents folder.
3. Select Syslog Message Configurations.
Make your configuration choices (see table).

Note If you want to add or edit a Syslog Message incident configuration, verify that Enabled is selected.
1. To add a Syslog Message incident configuration, click the New icon, and continue.
2. To edit a Syslog Message incident configuration, double-click the row representing the configuration you want to edit, and continue.
3. To delete a Syslog Message incident configuration, click the Delete icon.
Click Save and Close to save your changes and return to the previous form.

Tasks for Syslog Message Incident Configuration
Task	How
Specify the Incident Configuration Name (Syslog Messages) (ArcSight)	Use the Basics group of the Syslog Message Configuration form. Specify a name that helps you to identify the configuration for subsequent use.
Specify whether you want to enable this configuration.	In the Basics group of the Syslog Message Configuration form, verify that Enable is selected for each configuration you want to use.
Specify Category and Family Attribute Values for Organizing Your Incidents (Syslog Message) (ArcSight)	Use the Basics group of the Syslog Message Configuration form. You can organize your incidents using Category and Family.
Specify the Incident Severity (Syslog Message) (ArcSight)	Use the Basics group of the Syslog Message Configuration form. Possible Severity values include: Normal, Warning, Minor, Major, and Critical.
Specify Your Incident Message Format (Syslog Message) (ArcSight)	Use the Basics group of the Syslog Message Configuration form. The message format determines the message to be displayed for the incident.
Specify a Description for Your Incident Configuration (Syslog Messages)(ArcSight)	Use the Basics group of the Syslog Message Configuration form. Provide a meaningful description.
Specify an Author for Your Incident Configuration (Management Events)	Use the Basics pane of the Syslog Message Configuration form to indicate who created or last modified the event. If the Author attribute value is Network Node Manager, any changes are at risk of being overwritten in the future. Click Lookup and select Show Analysis to display details about the currently selected Author. Click Quick Find to access the list of existing Author values. Click New to create an Author value.

After you complete the Basic Configuration for the Syslog Message incident, you can also choose to configure the information described in the following table.

Additional Configurations
Task	How
Correlate Duplicate Incidents (Deduplication Configuration)	Select the Deduplication tab to specify duplicate incidents that you want to be suppressed.
Track Incident Frequency (Rate: Time Period and Count)	Select the Rate tab to specify a rate for duplicate incidents. After the rate limit is reached, NNMi generates an Incident to notify you of the problem.
Configure an Action for an Incident	Select the Actions tab to specify actions that should occur automatically when an incident changes its Lifecycle State.
Configure Diagnostics for an Incident	Requires Network Node Manager iSPI Network Engineering Toolset Software (NNM iSPI NET) and requires installation of a Diagnostic Server. Select the Node Settings tab to specify diagnostic actions that should occur automatically when an incident reaches a selected Lifecycle State for a node that belongs to a particular Node Group.

Send Help Center feedback