
Add Custom Definition


Last updated 7 months ago

Before adding a new custom definition, you should create a new custom definition entry.

1. Click Custom Definition on the left pane.

2. On the Custom Definitions Management screen, click the Add (+) button in the top-right section.

3. Select the type of server.

4. The fields change based on the selected type.

Type: File Based

The File Based server type includes Windows (Server), Windows (Workstation), Linux (Server), and Linux (Workstation).

Refer to the following table to understand the fields in the above screen.

| Fields | Description |
| --- | --- |
| Name | A label or name that is assigned to a custom definition. |
| Retention Period | The retention period of logs signifies the duration for which log data is stored or maintained before it's automatically deleted or archived. |
| Groups | To provide visibility to either your own organization or all the other organizations. The options are: My Organizations, All Organizations. |
| Log Path | The log path represents the directory or location where log files are stored or generated within a system or application. |
| Category | Classification or grouping of log messages based on specific criteria or functionality for easier organization and filtering. |
| Collection should begin | Select a proper time frame from dropdown. Initiation or start of log data aggregation or recording within a system or application. |
| Status | Custom definition can be enabled/disabled from status field. |

Type: Windows Event Based

The Event Based server type includes Windows (Server) and Windows (Workstation).

Refer to the following table to understand the fields in the above screen.

| Fields | Descriptions |
| --- | --- |
| Name | A label or name that is assigned to a custom definition. |
| Retention Period | The retention period of logs signifies the duration for which log data is stored or maintained before it's automatically deleted or archived. |
| Event Type | The user has the option to filter logs using Event Type settings. Filter logs based on the following event types: Critical, Error, Warning, Information. Note: If you remove selections of all types, there will be no Event Type filtering. In that case, VirtualMetric Collector will also collect Verbose and Debug logs. |
| Event ID | Specific number for specifying event-id. |
| Keyword | You can filter logs by using Keyword. Keyword filtering is only available for Windows servers. You can type the keyword that you want to use for filtering. VirtualMetric Collector will use it immediately to filter logs. You can use string and integer keywords. |
| Notes | Additional area for specifying notes. |
| Visibility | To provide visibility to either your own organization or all the other organizations. The options are: My Organizations, All Organizations. |

Type: SNMP OID

Refer to the following table to understand the fields in the above screen.

| Fields | Descriptions |
| --- | --- |
| Name | A label or name that is assigned to a custom definition. |
| Retention Period | The retention period of logs signifies the duration for which log data is stored or maintained before it's automatically deleted or archived. |
| OID (1) | OID can be imported from an internal system (1) |
| OID (2) | OID can be added manually (2) · Name: A label or name that is assigned to an OID. · OID: Unique sequence of numbers used in network management systems like SNMP to identify managed objects in a hierarchical tree structure. · Regex: Sequence of characters that defines a search pattern, aiding in string matching and manipulation within text. · Type: Select the type of OID between String and Number |
| Visibility | To provide visibility to either your own organization or all the other organizations. The options are: My Organizations, All Organizations. |
| Status | Custom definition can be enabled/disabled from status field. |

As an example, the CSV file should be formatted as follows. Fill in the name and OID values. In the type column you can use "1" instead of "String" and "2" instead of "Integer".

"Name1","oidvalue1","String"
"Name2","oidvalue2","Integer"

Example:

Name1,1.3.6.1.4.1.11096.6.1.1.1.2.1.6,1
Name2,1.3.6.1.4.1.11096.6.1.1.1.2.1.7,2
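
A pre-import check for an OID CSV file in the format above. This is an added example, not VirtualMetric code. The function name, the sample rows and the strictness of the OID and duplicate checks are assumptions and may be stricter than the product requires.

```python
import csv
import io
import re

# Type column values the page allows: the word, or "1"/"2" as shorthand.
TYPE_ALIASES = {"string": "String", "1": "String", "integer": "Integer", "2": "Integer"}
# Assumption: OIDs are written as on the page, dotted decimal with no leading dot.
OID_RE = re.compile(r"[0-2](\.(0|[1-9]\d*))+")


def validate_oid_csv(text):
    """Return (rows, errors) for an OID import file.

    rows   -- (name, oid, type) tuples with the type normalised to String/Integer
    errors -- (record_number, reason) tuples for every rejected record
    """
    rows, errors, seen_oids = [], [], {}
    for recno, rec in enumerate(csv.reader(io.StringIO(text)), start=1):
        if not any(cell.strip() for cell in rec):
            continue  # blank line
        if len(rec) != 3:
            errors.append((recno, f"expected 3 columns, got {len(rec)}"))
            continue
        name, oid, typ = (cell.strip() for cell in rec)
        if not name:
            errors.append((recno, "empty name"))
        elif not OID_RE.fullmatch(oid):
            errors.append((recno, f"malformed OID {oid!r}"))
        elif typ.lower() not in TYPE_ALIASES:
            errors.append((recno, f"unknown type {typ!r}"))
        elif oid in seen_oids:
            # Assumption: a repeated OID is a copy-paste mistake worth flagging.
            errors.append((recno, f"OID already used in record {seen_oids[oid]}"))
        else:
            seen_oids[oid] = recno
            rows.append((name, oid, TYPE_ALIASES[typ.lower()]))
    return rows, errors


# Constructed sample: two rows in the page's formats, then four broken ones.
SAMPLE = '''"Name1","1.3.6.1.4.1.11096.6.1.1.1.2.1.6","String"
Name2,1.3.6.1.4.1.11096.6.1.1.1.2.1.7,2
Name3,1.3.6.1.4.1.11096.6.1.1.1.2.1.7,Integer
Name4,1.3.6.1.4.1.11096..1,String
Name5,1.3.6.1.2.1.1.3.0,Counter
Name6,1.3.6.1.2.1.1.5.0
'''

if __name__ == "__main__":
    good, bad = validate_oid_csv(SAMPLE)
    for row in good:
        print("ok  ", row)
    for recno, reason in bad:
        print(f"skip record {recno}: {reason}")
```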

Type: Syslog

Refer to the following table to understand the fields in the above screen.

| Fields | Descriptions |
| --- | --- |
| Name | A label or name that is assigned to a custom definition. |
| Retention Period | The retention period of logs signifies the duration for which log data is stored or maintained before it's automatically deleted or archived. |
| Event Type | The user has the option to filter logs using Event Type settings. Filter logs based on the following event types: Critical, Error, Warning, Information. Note: If you remove selections of all types, there will be no Event Type filtering. In that case, VirtualMetric Collector will also collect Verbose and Debug logs. |
| Source IP Address | Unique numerical label assigned to a device initiating a data packet in a network, indicating the origin of the communication. |
| Visibility | To provide visibility to either your own organization or all the other organizations. The options are: My Organizations, All Organizations. |
| Category | Classification or grouping of log messages based on specific criteria or functionality for easier organization and filtering. |
| Status | Custom definition can be enabled/disabled from status field. |

Type: Stream Based

The Stream Based server type includes TCP, UDP, HTTP, and SMTP.

Refer to the following table to understand the fields in the above screen.

| Fields | Descriptions |
| --- | --- |
| Name | A label or name that is assigned to a custom definition. |
| Retention Period | The retention period of logs signifies the duration for which log data is stored or maintained before it's automatically deleted or archived. |
| Source IP Address | Unique numerical label assigned to a device initiating a data packet in a network, indicating the origin of the communication. |
| Visibility | To provide visibility to either your own organization or all the other organizations. The options are: My Organizations, All Organizations. |
| Category | Classification or grouping of log messages based on specific criteria or functionality for easier organization and filtering. |
| Status | Custom definition can be enabled/disabled from status field. |

Type: SNMP Trap

Refer to the following table to understand the fields in the above screen.

| Fields | Descriptions |
| --- | --- |
| Name | A label or name that is assigned to a custom definition. |
| Retention Period | The retention period of logs signifies the duration for which log data is stored or maintained before it's automatically deleted or archived. |
| Source IP Address | Unique numerical label assigned to a device initiating a data packet in a network, indicating the origin of the communication. |
| SNMP Trap OID | Unique identifier used to categorize and identify specific events or conditions reported through SNMP traps in network management systems. |
| Visibility | To provide visibility to either your own organization or all the other organizations. The options are: My Organizations, All Organizations. |
| Category | Classification or grouping of log messages based on specific criteria or functionality for easier organization and filtering. |
| Status | Custom definition can be enabled/disabled from status field. |

Type: TFTP

Refer to the following table to understand the fields in the above screen.

| Fields | Descriptions |
| --- | --- |
| Name | A label or name that is assigned to a custom definition. |
| Retention Period | The retention period of logs signifies the duration for which log data is stored or maintained before it's automatically deleted or archived. |
| Event Type | The user has the option to filter logs using Event Type settings. Filter logs based on the following event types: Critical, Error, Warning, Information. Note: If you remove selections of all types, there will be no Event Type filtering. In that case, VirtualMetric Collector will also collect Verbose and Debug logs. |
| Event ID | Specific number for specifying event-id. |
| Keyword | You can filter logs by using Keyword. Keyword filtering is only available for Windows servers. You can type the keyword that you want to use for filtering. VirtualMetric Collector will use it immediately to filter logs. You can use string and integer keywords. |
| Notes | Additional area for specifying notes. |
| Visibility | To provide visibility to either your own organization or all the other organizations. The options are: My Organizations, All Organizations. |

Type: Stream Based Queue Systems

Stream Based queue systems include Redis, Kafka, RabbitMQ, and NATS.

Refer to the following table to understand the fields in the above screen.

| Fields | Descriptions |
| --- | --- |
| Name | A label or name that is assigned to a custom definition. |
| Retention Period | The retention period of logs signifies the duration for which log data is stored or maintained before it's automatically deleted or archived. |
| Visibility | To provide visibility to either your own organization or all the other organizations. The options are: My Organizations, All Organizations. |
| Category | Classification or grouping of log messages based on specific criteria or functionality for easier organization and filtering. |
| Status | Custom definition can be enabled/disabled from status field. |

Type: Synthetic Check

Refer to the following table to understand the fields in the above screen.

| Fields | Descriptions |
| --- | --- |
| Name | A label or name that is assigned to a custom definition. |
| Retention Period | The retention period of logs signifies the duration for which log data is stored or maintained before it's automatically deleted or archived. |
| Visibility | To provide visibility to either your own organization or all the other organizations. The options are: My Organizations, All Organizations. |
| Transaction Definitions | A transaction definition outlines a set of operations treated as a single, atomic unit of work within a database, ensuring all actions either succeed or fail together. |
| Time Period | Select a proper time period from dropdown. Specific duration or interval between two points in time. |
| Timeout | Duration within which an operation or process is expected to complete before being considered unsuccessful or interrupted. |
| Status | Custom definition can be enabled/disabled from status field. |

Type: HTTP Check

Refer to the following table to understand the fields in the above screen.

| Fields | Descriptions |
| --- | --- |
| Name | A label or name that is assigned to a custom definition. |
| Retention Period | The retention period of logs signifies the duration for which log data is stored or maintained before it's automatically deleted or archived. |
| Visibility | To provide visibility to either your own organization or all the other organizations. The options are: My Organizations, All Organizations. |
| URL | It is a web address that specifies the location of a resource on the internet. |
| Credential Type | Select a proper credential type and credential. · None · Basic – Selecting this option provides you with another Field called Credential from where you can select an appropriate option. · HMAC – Selecting this option provides you with another Field called Credential from where you can select an appropriate option. · HTTP Header – Selecting this option provides you with another Field called Credential from where you can select an appropriate option. |
| Content Type | API content type specifies the format of the data being sent or received in an API request or response. Examples: application/json, application/xml |
| Time Period | Select a proper time period from dropdown. Specific duration or interval between two points in time. |
| Timeout | Duration within which an operation or process is expected to complete before being considered unsuccessful or interrupted. |
| Status | Custom definition can be enabled/disabled from status field. |

Type: Script Check

Refer to the following table to understand the fields in the above screen.

| Fields | Descriptions |
| --- | --- |
| Name | A label or name that is assigned to a custom definition. |
| Retention Period | The retention period of logs signifies the duration for which log data is stored or maintained before it's automatically deleted or archived. |
| Visibility | To provide visibility to either your own organization or all the other organizations. The options are: My Organizations, All Organizations. |
| File Name | The name assigned to a file, identifying it within a file system. |
| Interpretor Type | Select a proper interpretor type from dropdown. · Exe: An executable file containing machine code that can be run directly by an operating system. · Shell: The user interface enabling interaction with an operating system, interpreting commands and executing programs. · Powershell: A command-line shell and scripting language designed for task automation and configuration management in Windows environments. |
| Credential Type | Select a proper credential type and credential. · None · Basic – Selecting this option provides you with another Field called Credential from where you can select an appropriate option. · HMAC – Selecting this option provides you with another Field called Credential from where you can select an appropriate option. · HTTP Header – Selecting this option provides you with another Field called Credential from where you can select an appropriate option. |
| Time Period | Select a proper time period from dropdown. Specific duration or interval between two points in time. |
| Timeout | Duration within which an operation or process is expected to complete before being considered unsuccessful or interrupted. |
| Status | Custom definition can be enabled/disabled from status field. |

The scripts should be located under the package/scripts directory within the directory found by the agent. If the package/scripts directory does not exist, please create it.

Type: Query Based

Refer to the following table to understand the fields in the above screen.

| Fields | Descriptions |
| --- | --- |
| Name | A label or name that is assigned to a custom definition. |
| Retention Period | The retention period of logs signifies the duration for which log data is stored or maintained before it's automatically deleted or archived. |
| Visibility | To provide visibility to either your own organization or all the other organizations. The options are: My Organizations, All Organizations. |
| Query Editor | A query editor is a tool or interface that allows users to write, modify, and execute database queries, typically providing features for syntax highlighting and error checking. |
| Time Period | Select a proper time period from dropdown. Specific duration or interval between two points in time. |
| Timeout | Duration within which an operation or process is expected to complete before being considered unsuccessful or interrupted. |
| Status | Custom definition can be enabled/disabled from status field. |

5. After filling in the fields of the custom definition, you can add further configuration under Advanced Settings for some of the types.

Advanced Settings

Timezone

1) Select a proper time zone mode.

  • Use time zone from log file. If none is detected use

  • Ignore time zone from log file and instead use

2) Select a proper time zone from dropdown.

Custom Date Format

Sometimes log files can contain different types of date format. Custom date format can be added from this field.

Example 1:

Date: 2022-09-06 05:48:20

Pattern: \d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}

Date Format: YYYY-MM-DD HH:mm:ss

Example 2:

Date: 202209060548

Pattern: \d{12}

Date Format: YYYYMMDDHHmm

Example 3:

Date: 05:48 06.09.2022

Pattern: \d{2}:\d{2} \d{2}\.\d{2}\.\d{4}

Date Format: HH:mm DD.MM.YYYY
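
A Pattern and Date Format pair can be tested offline against a sample log line before it is entered in this field. The following is an added example, not VirtualMetric code. The token-to-strptime mapping, the function names and the sample log lines are assumptions; the product's own parser may accept more tokens.

```python
import re
from datetime import datetime

# Assumption: the Date Format tokens mean what they look like (year, month,
# day, 24-hour, minute, second). Only the tokens used on the page are mapped.
TOKENS = {"YYYY": "%Y", "MM": "%m", "DD": "%d", "HH": "%H", "mm": "%M", "ss": "%S"}
TOKEN_RE = re.compile("|".join(TOKENS))  # dict order puts YYYY first


def to_strptime(date_format):
    """Translate e.g. 'YYYY-MM-DD HH:mm:ss' into '%Y-%m-%d %H:%M:%S'."""
    escaped = date_format.replace("%", "%%")
    return TOKEN_RE.sub(lambda m: TOKENS[m.group(0)], escaped)


def check(line, pattern, date_format):
    """Return (True, timestamp) or (False, reason) for one sample log line."""
    try:
        match = re.search(pattern, line)
    except re.error as exc:
        return False, f"invalid pattern: {exc}"
    if match is None:
        return False, "pattern does not match the line"
    try:
        parsed = datetime.strptime(match.group(0), to_strptime(date_format))
    except ValueError:
        return False, f"pattern matched {match.group(0)!r} but the date format cannot parse it"
    return True, parsed.isoformat(sep=" ")


# Constructed log lines carrying the date shapes shown on the page.
CASES = [
    ("2022-09-06 05:48:20 sshd[811]: Failed password for root",
     r"\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}", "YYYY-MM-DD HH:mm:ss"),
    ("202209060548 backup job finished", r"\d{12}", "YYYYMMDDHHmm"),
    ("05:48 06.09.2022 link down on eth0",
     r"\d{2}:\d{2} \d{2}\.\d{2}\.\d{4}", "HH:mm DD.MM.YYYY"),
    # Pattern written for dashes, log uses dots: nothing is extracted.
    ("05:48 06.09.2022 link down on eth0",
     r"\d{2}:\d{2} \d{4}-\d{2}-\d{2}", "HH:mm DD.MM.YYYY"),
    # Pattern matches, but the format describes a different layout.
    ("05:48 06.09.2022 link down on eth0",
     r"\d{2}:\d{2} \d{2}\.\d{2}\.\d{4}", "YYYYMMDDHHmm"),
]

if __name__ == "__main__":
    for line, pattern, fmt in CASES:
        print(check(line, pattern, fmt), "<-", pattern, "|", fmt)
```

A pair that fails here would leave events without a correctly parsed timestamp, which breaks timeline ordering during an investigation.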

Custom Field Parser

Sometimes log files can contain different types of field formats. Custom field parser can be added from this field. After adding a sample you will see data columns under the sample field. Columns can be selected.

Custom Line Parser

A regex can be written to parse the line.

Data Masking Rule

There are two modes in this part. Users can write any word or regex.

Data Filter Rules

There are two modes in this part. Users can write any word or regex.

  1. Select a proper reader mode.

  • Ingest all except matched lines: Shows logs that contain the written pattern.

  • Ingest only matched lines: Shows logs that do not contain the written pattern.

  2. Click the Add button.

You should add an asterisk (*) to the beginning and end of the expression.

Example: *error*

Encoding

This is the process of converting data from one format or representation to another. For example, in computing, encoding can refer to converting text characters into binary code for storage or transmission, such as ASCII or UTF-8 encoding.

Select a proper encoding type from dropdown.

6. After adding all required fields click SUBMIT.