Generic Events and Data sources (properties)

This feature only works if you have the XProtect event server installed.

Generic event (properties)

Component

Requirement

Name

Unique name for the generic event. Name must be unique among all types of events, such as user defined events, analytics events, and so on.

Enabled

Generic events are by default enabled. Clear the check box to disable the event.

Expression

Expression that the system should look out for when analyzing data packages. You can use the following operators:

  • ( ): Used to ensure that related terms are processed together as a logical unit. They can be used to force a certain processing order in the analysis

Example: The search criteria "(User001 OR Door053) AND Sunday" first processes the two terms inside the parentheses, then combines the result with the last part of the string. So, the system first looks for any packages containing either of the terms User001 or Door053, then runs through those results to see which packages also contain the term Sunday.

  • AND: With an AND operator, you specify that the terms on both sides of the AND operator must be present

Example: The search criteria "User001 AND Door053 AND Sunday" returns a result only if the terms User001, Door053 and Sunday are all present in the received package. It is not enough for only one or two of the terms to be present. The more terms you combine with AND, the fewer results you retrieve.

  • OR: With an OR operator, you specify that either one or another term must be present

Example: The search criteria "User001 OR Door053 OR Sunday" returns any results containing either User001, Door053 or Sunday. The more terms you combine with OR, the more results you retrieve.

Expression type

Indicates how particular the system should be when analyzing received data packages. The options are the following:

  • Search: In order for the event to occur, the received data package must contain the text specified in the Expression field, but may also have more content

    Example: If you have specified that the received package should contain the terms User001 and Door053, the event is triggered if the received package contains the terms User001 and Door053 and Sunday, since your two required terms are contained in the received package.
  • Match: In order for the event to occur, the received data package must contain exactly the text specified in the Expression field, and nothing else
  • Regular expression: In order for the event to occur, the text specified in the Expression field must identify specific patterns in the received data packages

If you switch from Search or Match to Regular expression, the text in the Expression field is automatically translated to a regular expression.

Priority

The priority must be specified as a number between 0 (highest priority) and 999999 (lowest priority).

The same data package may be analyzed for different events. The ability to assign a priority to each event lets you manage which event should be triggered if a received package matches the criteria for several events.

When the system receives a TCP and/or UDP package, analysis of the package starts with the event with the highest priority. This way, when a package matches the criteria for several events, only the event with the highest priority is triggered. If a package matches the criteria for several events with an identical priority, for example two events with a priority of 999, all events with this priority are triggered.

Check if expression matches event string

An event string to be tested against the expression entered in the Expression field.
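The Expression, Expression type and Priority rules above, worked through as an added example (not Milestone code): it evaluates one received data package against an expression of type Search, Match or Regular expression, then applies the priority rule across several generic events. Assumed, since the page does not say: AND binds tighter than OR, Search terms are case-sensitive substrings, and the function names are this example's own.

```python
import re
# Added example: generic event expression evaluation and priority selection.
# Assumed: AND binds tighter than OR; Search terms are case-sensitive
# substrings; Match compares the whole package text; names are ours.

def _tokens(expression):
    return re.findall(r"\(|\)|[^\s()]+", expression)   # ( ) operators terms

def _parse(tok, i, op="OR"):
    # expr := term (OR term)* ; term := atom (AND atom)* ; atom := '(' expr ')' | word
    sub = (lambda t, j: _parse(t, j, "AND")) if op == "OR" else _atom
    node, i = sub(tok, i)
    while i < len(tok) and tok[i].upper() == op:
        rhs, i = sub(tok, i + 1)
        node = (op, node, rhs)
    return node, i

def _atom(tok, i):
    if i >= len(tok):
        raise ValueError("expression ends unexpectedly")
    if tok[i] == "(":                       # parentheses force processing order
        node, i = _parse(tok, i + 1)
        if i >= len(tok) or tok[i] != ")":
            raise ValueError("unbalanced parenthesis in expression")
        return node, i + 1
    return ("TERM", tok[i]), i + 1

def _eval(node, package):
    if node[0] == "TERM":
        return node[1] in package           # Search: term may appear anywhere
    left, right = _eval(node[1], package), _eval(node[2], package)
    return (left and right) if node[0] == "AND" else (left or right)

def matches(expression, expression_type, package):
    """True if the received data package satisfies the expression."""
    if expression_type == "Match":          # exact text, nothing else
        return package == expression
    if expression_type == "Regular expression":
        return re.search(expression, package) is not None
    tok = _tokens(expression)               # "Search"
    tree, end = _parse(tok, 0)
    if end != len(tok):
        raise ValueError("unexpected token %r" % tok[end])
    return _eval(tree, package)

def triggered_events(events, package):
    """events: (name, expression, type, priority); highest priority wins, ties all fire."""
    hits = [e for e in events if matches(e[1], e[2], package)]
    best = min((e[3] for e in hits), default=None)
    return [e[0] for e in hits if e[3] == best]
```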

Generic event data source (properties)

Component

Requirement

Data source

You can choose between two default data sources and define a custom data source. What to choose depends on your third-party program and/or the hardware or software you want to interface with:

Compatible: Factory default settings are enabled, echoes all bytes, TCP and UDP, IPv4 only, port 1234, no separator, local host only, current code page encoding (ANSI).

International: Factory default settings are enabled, echoes statistics only, TCP only, IPv4+6, port 1235, <CR><LF> as separator, local host only, UTF-8 encoding. (<CR><LF> = 13,10).

[Data source A]

[Data source B]

and so on.

New

Click to create a new data source.

Name

Name of the data source.

Enabled

Data sources are by default enabled. Clear the check box to disable the data source.

Reset

Click to reset all settings for the selected data source. The entered name in the Name field remains.

Port

The port number of the data source.

Protocol type selector

Protocols which the system should listen for, and analyze, in order to detect generic events:

Any: TCP as well as UDP.

TCP: TCP only.

UDP: UDP only.

TCP and UDP packages used for generic events may contain special characters, such as @, #, +, ~, and more.

IP type selector

Selectable IP address types: IPv4, IPv6 or both.

Separator bytes

Select the separator bytes used to separate individual generic event records. Default for data source type International (see Data source) is 13,10. (13,10 = <CR><LF>).

Echo type selector

Available echo return formats:

  • Echo statistics: Echoes the following format: [X],[Y],[Z],[Name of generic event]

    [X] = request number.

    [Y] = number of characters.

    [Z] = number of matches with a generic event.

    [Name of generic event] = name entered in the Name field

  • Echo all bytes: Echoes all bytes
  • No echo: Suppresses all echoing
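The Separator bytes and Echo statistics formats above, worked through as an added example (not Milestone code): it frames records arriving over TCP using the International defaults (separator bytes 13,10, UTF-8), keeping a record that is split across two segments pending until its separator arrives, and parses an Echo statistics reply. Assumed: the echo line carries the four comma-separated fields without literal brackets, and the function and class names are this example's own.

```python
from dataclasses import dataclass
# Added example: record framing on separator bytes and Echo statistics parsing.
# Assumed: echo line is "X,Y,Z,Name" without literal brackets; names are ours.

SEPARATOR = bytes([13, 10])        # International default: <CR><LF>

def frame_records(pending, chunk, separator=SEPARATOR, encoding="utf-8"):
    """Add a received chunk to the bytes still pending and return
    (complete records, bytes after the last separator). A record split
    across two TCP segments is emitted only once its separator arrives."""
    parts = (pending + chunk).split(separator)
    remainder = parts.pop()        # unterminated tail, possibly empty
    return [p.decode(encoding) for p in parts], remainder

@dataclass
class EchoStatistics:
    request: int                   # [X] request number
    characters: int                # [Y] number of characters
    matches: int                   # [Z] number of matches with a generic event
    event_name: str                # [Name of generic event], empty if absent

def parse_echo_statistics(line):
    """Parse one echo line of the form X,Y,Z,Name (name may contain commas)."""
    fields = line.split(",", 3)
    if len(fields) < 3:
        raise ValueError("echo statistics needs at least three fields: %r" % line)
    name = fields[3] if len(fields) > 3 else ""
    return EchoStatistics(int(fields[0]), int(fields[1]), int(fields[2]), name)
```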

Encoding type selector

By default, the list only shows the most relevant options. Select the Show all check box to display all available encoding options.

Show all

See Encoding type selector above.

Allowed external IPv4 addresses

Specify the IP addresses that the management server must be able to communicate with in order to manage external events. You can also use this to exclude IP addresses that you do not want data from.

Allowed external IPv6 addresses

Specify the IP addresses that the management server must be able to communicate with in order to manage external events. You can also use this to exclude IP addresses that you do not want data from.

Ranges can be specified in each of the four positions, like 100,105,110-120. As an example, all addresses on the 10.10 network can be allowed by 10.10.[0-254].[0-254] or by 10.10.255.255.
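The allowed-address notation above, worked through as an added example (not Milestone code) so that an allow list can be checked against a source address before it is trusted: each of the four positions may hold a single value, a comma-separated list, or a hyphen range, with the square brackets from the 10.10.[0-254].[0-254] example treated as optional, and, following the page's statement that 10.10.255.255 allows the whole 10.10 network, a position of 255 is read as "any value". IPv4 only; the function names are this example's own.

```python
# Added example: IPv4 allow-list check for the per-position notation above.
# Assumed: brackets are optional; a position of exactly "255" means any
# value (the page's 10.10.255.255 example); function names are ours.

def _position_allowed(spec, octet):
    """spec: e.g. '10', '[0-254]' or '100,105,110-120'; octet: int 0..255."""
    spec = spec.strip("[]")
    if spec == "255":
        return True                    # shorthand for the whole position
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        lo = int(lo)
        hi = int(hi) if hi else lo
        if not 0 <= lo <= hi <= 255:
            raise ValueError("bad range %r" % part)
        if lo <= octet <= hi:
            return True
    return False

def address_allowed(patterns, address):
    """True if the dotted IPv4 address matches at least one pattern."""
    octets = [int(o) for o in address.split(".")]
    if len(octets) != 4 or not all(0 <= o <= 255 for o in octets):
        raise ValueError("not an IPv4 address: %r" % address)
    for pattern in patterns:
        specs = pattern.split(".")
        if len(specs) != 4:
            raise ValueError("pattern needs four positions: %r" % pattern)
        if all(_position_allowed(s, o) for s, o in zip(specs, octets)):
            return True
    return False
```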