Introduction to EventSources
EventSources define monitoring and alerting activity for non-numeric event-based data. An EventSource is a definition that tells your Collector what information will be collected or received, what device(s) the information will be collected or received from, and when alerts should be triggered on that information.
There are two types of EventSources:
- EventSources that monitor asynchronous event messages received by the Collector
- EventSources that actively monitor event logs or log files for the presence of specific events
EventSources monitor for the following types of events:
- IPMI event log events
- SNMP traps
- Windows event logs
- Syslog events
Your LogicMonitor account comes pre-configured with a library of EventSources. You can view/edit these EventSources (as well as add new ones) from Settings | EventSources. For more information on creating EventSources, see Creating EventSources.
EventSources watch particular files such as event log messages (IPMI, Windows, or Syslog) or SNMP traps. An alert on an EventSource is triggered when LogicMonitor receives a message for an event that matches the filters in place for an EventSource definition. The alert severity depends on how the EventSource definition is configured, as does the alert message. For more information on configuring filters and alerts for EventSources, see Creating EventSources.
Just as with other types of alerts EventSource alerts are managed and displayed in the LogicMonitor interface. However, as discussed in the Clear After section of the Creating EventSources support article, there are some differences in how LogicMonitor clears EventSource alerts as compared to alerts arising from other LogicModules.
Note: While EventSource alerts automatically display in the LogicMonitor interface, alert notification via email, text, or other method must be configured through alert rules, as discussed in Alert Rules.