Create Rule panel
The Create Rule panel allows you to provide the properties for a new Rule.
How to Get There
Press F6 in the Work with Rules panel.
Field Descriptions
Event Source
An Event Source is a location from which IBM i events are extracted. Currently, journals and message queues are supported as Event Sources. Common event sources are QAUDJRN (journal) and QSYSOPR (message queue). You may define your own journals and message queues as Event Sources.
Event Description
Indicates the Event Description to which the listed Event Subtype pertains.
An Event Description is a specification that defines how to identify the IBM i events in which you are interested.
Event Subtype
Indicates the Event Subtype to which the listed Rules pertain.
An Event Subtype is a specification that further defines how to identify the IBM i events in which you are interested. Many times an Event Description will represent an action that occurred, and this "subtype" will indicate the subject of the action or different classes of the action.
Sequence
Sequence is a unique number used to determine the order in which rules are evaluated.
Description
A short description you assign to the Rule.
Active
Indicates whether the Rule is available for processing. When a Rule is not active its values will not be used in determining contents sent to the SYSLOG server.
Stop evaluation
Stop evaluation determines whether to end rule processing after a rule whose conditions are all satisfied.
Event Class ID
Event Class ID is simply placed into the syslog output event when using the Legacy Interact 3 Syslog format. Interact 3 formatted this data as a message ID, but you are free to specify whatever data is meaningful to you.
Journal Events: Specify *NAME to display the Event Description's Name in the output. For journals, this is the Journal Code and Entry Type (for example, TCD).
Message Queue Events: For message queues, *NAME displays the Message ID (for example, CPF0907).
Journal Event Subtypes: Specify *NAME to display the Event Description's Name followed by the Subtype, separated by a colon. For example, TCD:A.
You can specify a single asterisk (*) to inherit the value from the parent Event Description or Event Subtype at run time.
Severity
Indicates the severity of the event. This severity is used in the output syslog packet.
Class
Class is simply placed into the syslog output event when using the Legacy Interact 3 formats. Typical values implemented by Interact 3 include:
You can specify a single asterisk (*) to inherit the value from the parent Event Description or Subtype at run time.
Rule Output
Indicates whether any Outputs are attached to the Rule. See Work with Outputs.
Add Extension
This field indicates whether additional Extensions should be attached beyond those specified for the Event Description (see Change Event Description panel).
An extension is simply a user-specified "name=value" string appended to a syslog event.
Override Event Text
Allows access to the Event Text override for the Event Subtype. Event Text dictates how to format the event data into a human-readable format. Fields defined for the Event Description can be used to provide data for the text at run time. If this field is left undefined, the default Event Text (from the Event Description) will be shown. See Change Event Description panel.
Command Keys
F3=Exit
Exit the program.
F5=Refresh
Discards changes and remains on this panel.
F8=Display Outputs
Opens the Work with Attached Outputs panel, where you can attach an output to the Event Source.
F12=Cancel
Discards changes and returns to the prior panel.
F13=Extensions
Work with any Extensions that may be attached. After typing data and pressing Enter, this option appears.
F14=Event Text
Work with an Event Text that may be attached. After typing data and pressing Enter, this option appears.