Define Notification Template Dialog

In the Global Notifications panel, you can configure global notification settings for Notification Servers, Notification Outputs, and Notification Templates. On the Templates tab, you configure the templates for various notifications. The notification template defines the format and message fields of the notifications. You can select a default template or you can use the Define Template dialog to configure and edit templates.

You can select a default template and use it or modify a default template based on your requirement. You can also use one of the following template types and create a template:

  • Audit Logging
  • Event Stream Analysis
  • Event Source Monitoring
  • Health Alarms
  • New Health & Wellness Alarms (Version 11.5 and later).

These notification templates are created in an HTML, FreeMarker (FTL) format, a combination of both HTML and FTL, or Common Event Format (CEF) format:

  • Email (SMTP) notification output type is created in both HTML and FTL formats.

  • SNMP and Script notification output types are created in FTL format.

  • Syslog notification output type is created in CEF format.

You need to have a good understanding of HTML, FTL, and CEF formats to successfully configure your own notification template. Click on the respective links to understand the specific formats.

Procedures related to notification templates are described in Configure Templates for Notifications.

To access the Define Template dialog

  1. Go to netwitness_adminicon_25x22.png (Admin) > System.
  2. In the left navigation panel, select Global Notifications > Template Tab.
  3. In the Notifications Configurations panel, click netwitness_add.png, or select a configuration and click netwitness_ic-edit.png to modify.
    The Define Template dialog is displayed.
    netwitness_galtmplexmpl_541x404.png

The following table describes the features in the Define Template dialog.

Field Description
Name Type a unique name for the notification template.
Template Type Select the type of template that you want to create:
  • Audit Logging: Use this template for Global Audit Logging.
  • Event Stream Analysis: Use this template type for ESA alert notifications.
  • Event Source Monitoring: Use this template type for ESM notifications.
  • Health Alarms: Use this template type for Health and Wellness notifications.
  • New Health and Wellness Alarms: Use this template type for New Health and Wellness notifications.
Description Add a description for the template. For example, if you create a notification template for Log Decoders to use for Global Audit Logging, you could mention that information in the description.
Template

Specify mandatory CEF: prefix when you create a template in CEF format. Define a Template for Global Audit Logging provides instructions on how to define an audit logging template to use for Global Audit Logging. To define a template for Event Stream Analysis (ESA), see Define a Template for ESA Alert Notifications.

Note: Use Key references available in default notification templates.

Below is an example of a defined SMTP (email) template and output.

netwitness_definetemplate_572x428.png

netwitness_definetemp_output_566x454.png