Accessing Events

You can access the following events screens:

Related topics:

Events Summary Screen

The events summary screen displays all events, and configures alerts and event generation. To view this screen, click Events on the CloudVision portal. The figure below displays the events summary screen.
Figure 1. Events Summary Screen
The Events screen provides the following information and functionalities:
  • Click the Event Generation button to configure generating new events. Refer to Configuring Event Generations.
  • Click the Notifications button to configure notifications. Refer to Configuring Notifications
  • Left Pane
    • Event Chart and Summary Tables tabs
      • The Event Chart tab displays the bar graphs of all events.
        Note: Hover the cursor over the different segments of the bar graph to view the count of severity events.
      • The Summary Tables tab displays Most Active Devices and Most Active Event Types in tabular formats.See the figure below.
        Figure 2. Event Summary Screen - Summary Tables
        Note: The severity levels include critical, error, warning, and info.
    • The Time Range dropdown menu to select the time span of events.
    • The Acknowledge button to acknowledges selected events.
    • The Un-Acknowledge button to renounce selected events.
    • A list of all events with selection checkboxes in a tabular format.
    • Click the Export Table to CSV button to download the table in csv format to your local drive.
  • Right Pane
    • The Reset Filters button to clear all filtering options.
    • The Current Time date picker to select the event start date.
    • Search field based on Title or Description and dropdown menus based on Event Type, Device, Acknowlegement State,and Active State.
    • Buttons to perform a search based on severity levels (Info, Warning, Error, and Critical)

Event Details Screen

An event details screen displays appropriate event details, acknowledges the event, and configures event generation. To view this screen, click one of the events listed on the Events screen.
Figure 3. Event Details Screen

This screen provides the following information and functionalities in the right pane:

  • Left arrow to return to the events summary screen
  • Click the Event Generation button to configure generating new events. Refer to Configuring Event Generations.
  • Click the Notifications button to configure notifications. Refer to Configuring Notifications
  • Displays the event description
  • Time when event details were captured
  • Hover the cursor on the event name. The system displays a popup window with event details.
Figure 4. Event Name Popup Window
The popup window provides the following options:
  • Click View Events to view search results with the same event name.
Figure 5. Search Results with the Same Event Name
  • Click Compare Metrics to navigate to the Explorer tab in Metrics app.
  • Hover the cursor on the event name. The system displays a popup window with device details in that location.
Figure 6. Location Name Popup Window

The popup window provides the following options:

  • Click View Events to view search results with the same location name.
Figure 7. Search Results with the Same Location Name
  • Click Compare Metrics to navigate to the Explorer tab under Metrics.
  • The Acknowledge button to acknowledge the appropriate event.
  • The Configure Event Generation button to configure the generation of appropriate event.
  • Metric details of the event
  • A chronological history of all errors (shown at the bottom of the screen)

Configuring Event Generations

Configure rules and conditions to customize event generation.

Perform the following steps to configure the settings for generating events:

  1. On the CloudVision portal, click the Events tab. The system displays the Events screen.
  2. Click Configure Event Generation at the upper right corner of the Events section. The system displays the Generation Configuration screen with all configurable events listed in the left pane.
    Figure 8. Generation Configuration Screen
    Note: Alternatively, you can go to an event details screen and click Configure Event Generation to configure rules for generating events.
  3. Click the required event in the left pane.
  4. Click Add Rule in the lower end of right pane. A new Condition pane is displayed on the screen.
    Figure 9. Add Rule Pane in Generation Configuration
  5. In the Condition pane, click on the search field. The system displays the list of configured devices tags.
    Figure 10. List of Configured Device Tags
    Note: Alternatively, you can type the required device tag in the search field for a quick search.
  6. Select preferred devices tags from the displayed list.
    Note: After you have selected the device, the system displays the count of matched devices. The rule is applicable to all devices when you do not select any device tag.
  7. Click on the Interfaces search field (available only for interface events).

    The system displays the list of configured interface tags..

    Figure 11. List of Configured Interface Tags
  8. Select preferred interface tags from the displayed list.
    Note: After you have selected an interface tag, the system displays the count of matching interfaces. The rule is applicable to all interfaces when you do not select any interface tag.
  9. Provide the following criteria required to generate events:
    • Severity - Select the severity type from the drop-down menu. Options include Info, Warning, Critical, and Error.
    • Threshold (applicable only to threshold events) - Type the threshold value.
    • Raise Time - Type the preferred wait time (seconds) to create an event after reaching the threshold limit.
    • Clear Time - Type the precise time (seconds) to delete an event after the current value goes below the threshold limit.
    Note: Select the Stop generating events and checking rules checkbox if you do not want to apply further rules for selected tags. If no tags are selected, further rules are not applicable to any device.
  10. Click Move up if you prefer to move this rule up in the priority list.
    Note: Rules are processed sequentially. The default rule is applied only when an event does not match any other rules. Click Delete rule to delete the corresponding rule. Click Move down in configured rules to move the corresponding rule down in the priority list.
  11. Click Save in the left pane.
    Note: Click View Configuration Differences in the lower left pane to view differences in event configurations.

Anomaly in Connectivity MonitorLatency

From the Events tab, select Anomaly in Connectivity MonitorLatency to configure event generation for latency events between devices and configured hosts. The events are designed to alert the user when the latency between a device and a configured host is outside of recent historical bounds.

Figure 12 is a sample event view for one of these events between the device with hostname `Oslo` and the cloudtracer host endpoint `www.bbc.co.uk`.

Figure 12. Anomaly Event View

Figure 13 explains various stages of this event.

Figure 13. Anomaly Event View Overlay

Prior to this event in Figure 13, the latency metric (green line in upper graph) is stable with minimal deviations. The historical bounds (blue shaded region) that determine when the metric is in a normal state has a small range with both the upper and lower bounds near the historical mean (dark blue line). The historical bounds are computed by adding and subtracting a fixed multiple of the current latency standard deviation to the current mean.

The anomaly score starts to increase from zero when the latency value strays outside of the historical bounds. The latency values that are outside the bounds are highlighted in red. The anomaly score is the total number of standard deviations outside the historical bounds. The anomaly score is the positive cumulative sum of the number of standard deviations outside of the historical bounds. For example, if the bounds are set as 3 standard deviations outside of the mean and we get a value of the latency that is 5 times the standard deviation away from the mean, the anomaly score will increase by 2. If the next latency value was 1.5 times the standard deviation outside of then mean then we would subtract 1.5 from the anomaly score. The anomaly score therefore keeps track of the cumulative deviation of the latency outside of the historical bounds. It is bounded below by zero.

Figure 14 provides a detailed explanation on computing the anomaly score.

Figure 14. Anomaly Score Computation

The event is generated when the anomaly score exceeds a threshold for a set period of time.

Note: You can configure the threshold and time duration in the event configuration rules.

The anomaly score starts to decrease when the latency values are inside the historical bounds. The historical bounds have increased based on recent deviations in latency which makes the system less sensitive than prior to the event. The event ends when the anomaly score is below the threshold for a set period of time.

Figure 15 provides a detailed explanation of the anomaly score decreasing when an event ends.

Figure 15. Decreasing of Anomaly Score

At the end of the time range, historical bounds are narrowing as the latency has now returned to a stable value with minimum deviations. The history needs approximately six hours to have negligible impact on the statistics and bounds.

This screen also provides the following additional metrics of this event (see Figure 16):

  • The other CloudTracer metrics are displayed for this device and host pair

  • The latency metric between other devices and this host

  • The latency metric between this device and other hosts

Figure 16. CloudTracer Event Additional View

Custom Syslog Events

The Custom Syslog Event creates syslog message events based on rule conditions. To end all similar active events, you must update the configuration as per the recommended action provided in the EOS System Message Guide.

An EOS System Message Guide is published with every EOS release. In the guide, you can find all the common system messages generated by devices, including the syslog facility, mnemonic, severity, and log message format. To download the guide, click https://www.arista.com/en/support/software-download and look for SysMsgGuide under EOS release Docs.

Note: Rules are processed sequentially. Events that don't match user created rule conditions are processed by default rule(s).

Perform the following steps to create a rule for generating syslog events:

  1. On the CloudVision portal, click the Events tab. The system displays the Events screen.
  2. Click Configure Event Generation at the upper right corner of the Events section.
    Note: Alternatively, you can go to an event details screen and click Configure Event Generation to configure rules for generating events.
    The system displays the Generation Configuration screen with all configurable event types listed in the left pane.
  3. Click Custom Syslog Event.
    Figure 17. Custom Syslog Event Screen
  4. Click +Add Rule in the right pane.
    A new condition pane is displayed on the screen.
    Figure 18. Conditions Pane for the Custom Syslog Event Rule
  5. Provide the following information in specified fields:
    • Active devices autocomplete field -
    • Generate an event for these conditions checkbox -
  6. Choose either Single Instance Events or Time Period Events using the toggle button.
  7. Based on your choice between single instance events and time period events, provide the following relevant conditions for generating a rule:
    Note: The corresponding fields appear after you choose the required event type.
  8. Save Changes button - Click to save specified changes.

Configuring Single Instance Events

CVP creates a single instance event whenever either the specified syslog ID matches with the device syslog ID or the specified syslog message matches with the device syslog message. See Custom Syslog Events.

Provide the following information in specified fields to configure a single instance event:

  • Syslog ID - Provide facility, severity, and mnemonic of a syslog with regular expressions in the following fields:
    • Facility field - Type the facility of syslog in either simple string or regular expression.
    • All severities field - Select the severity of the device.
      Note: If no severity is selected, CVP considers all available severities.
    • Mnemonic field - CVP creates a single instance event when the log message specified in this field matches with a device syslog message.
  • Log Message field - The log message to match against the device syslog message.
    Note: You must mandatorily configure either a syslog ID or a log message.
  • Mute Period field - CVP does not create another similar event using this rule on a given device until the time period specified in this field expires for the ongoing event.
    Note: This prevents a large number of events generated for the same device within a short period of time due to a repetitive syslog message.
  • Event Title field - Type the event title.
  • Severity From Syslog checkbox - Select the checkbox if you prefer CVP to select the severity of the generated event to be derived from the syslog message severity.
    Note: CVP uses the following syslog message severities to event severities:
    • [0, 1, 2] - Critical event
    • [3] - Error event
    • [4] - Warning event
    • [5,6,7,...] - Info event
  • Severity dropdown menu - Select the preferred severity of the generated event. Severity is configurable only when Severity From Syslog checkbox is not selected.
  • Event Description field - Provide the event description.
  • Ignore subsequent rules for selected devices checkbox - Select the checkbox to suppress generating events for a specific syslog or override upcoming configurations.
  • Move Up / Move Down buttons - Use this button to manage the sequence of configured syslog event rules.
  • Delete button - Click to delete the corresponding rule.
Note: Syslogs with high severities like 0 (Emergency), 1 (Alert), 2 (Critical), and 3 (Error) generate events by default unless they are ignored by user configured rules.

Configuring Time Period Events

Events can also be configured to be time period events that remain active between the syslog message that creates it and the syslog message that ends the event. See the figure below.
Figure 19. Configuring Time Period Event

Provide the following information in specified fields to configure a time period event:

  • Start Log Message field - CVP starts a time period event when the start log message specified in this field matches with a device syslog message.
    Note: The start log message must be a string without special characters.
  • End Log Message field - CVP ends a time period event when the end log message specified in this field matches with a device syslog message.
    Note: The end log message must be a string without special characters.
  • Parameter field - Type the variable that must be configured in log messages specified in the Start Log Message and End Log Message fields.
    • Value field - Type a variable for the specified parameter in either a simple string or a regular expression.
    • Add Value - Click to add another variable for the specified parameter.

Ethernet is a parameter with values as Ethernet1 and Ethernet2. See the figure below.

In this case, the specified log messages matches with Ethernet1 and Ethernet2 values for either starting or ending an event.

Figure 20. Example1 of Parameter Variables

Ethernet is a parameter with a value as Ethernet.*. See the figure below.

In this case, the specified log messages matches with all ethernet values like Ethernet1, Ethernet1/2, Ethernet1/3, and so on for either starting or ending an event.

Figure 21. Example2 of Parameter Variables
  • Raise Time field - After a start rule matches, the starting of an event is delayed for the duration specified in this field.
    Note: If the end event log message arrives before this delay elapses, the event is not generated. This option is useful in situations where you wish to generate an event only when a syslog condition has persisted for at least some set period of time.
  • Clear Time field - After an end rule matches, the ending of the ongoing event is delayed for the duration specified in this field.
    Note: If the start event log message arrives before this delay elapses, the event is not ended and will continue as an active event. This option is useful in situations where you wish to generate a long single event which may encompass several start/end conditions being met during a set period of time.
  • Event Title field - Type the event title.
  • Severity From Syslog checkbox - Select the checkbox if you prefer CVP to select the severity of the generated event to be derived from the syslog message severity.
    Note: CVP uses the following syslog message severities to event severities:
    • [0, 1, 2] - Critical event
    • [3] - Error event
    • [4] - Warning event
    • [5,6,7,...] - Info event
  • Severity dropdown menu - Select the preferred severity of the generated event. Severity is configurable only when Severity From Syslog checkbox is not selected.
  • Event Description field - Provide the event description.
  • Ignore subsequent rules for selected devices checkbox - Select the checkbox to suppress generating events for a specific syslog or override upcoming configurations.
  • Move Up / Move Down buttons - Use this button to manage the sequence of configured syslog event rules.
  • Delete button - Click to delete the corresponding rule.
Note: A configuration change in the current rule ends all ongoing events.

Rule Labels

Rule Labels are optional conditions in Event Notifications for sending notifications to receiver platforms. Using rule labels allows you to create more complex notification rules in relation to generated events. An event can be generated with a rule label, which is configured and created in Event Generation. That label can be added as a condition to a rule in Event Notifications for sending an alert to a platform receiver.

Related Topics:

Creating a Rule Label

A rule label is created in Event Generation, which creates events in CloudVision. The label can be assigned as a condition in a rule for Event Notifications.

  1. Add or select a rule in Event Generation.
    Figure 22. Add Rule Label
  2. Add a rule label in the Rule Label field.

Assigning a Rule Label

You can assign rule labels that have been created in Event Generation to rules in Notifications. When an event is generated with a rule label, notifications will only be sent if the rule label matches the event generated rule label.

The notification rule will only generate an event that has a rule with a label that matches the selected rule label.

  1. Add or select a rule in Event Notifications.
    Figure 23. Assigning a Rule Label
  2. Click Rule Labels and select one or more existing rule label.
    Figure 24. Notification Rues

Platform Settings Overrides

When adding a receiver in Event Notifications, you can override existing platform settings in Platforms. This allows you to add default platform settings in Platforms and then use different settings when creating a receiver. You can have multiple settings for the same platform on a per-receiver basis.

Upon completion for the following steps, the receiver will use the override settings instead of the default settings created in Platforms.

  1. Add or select an existing receiver.
    Figure 25. Add or Select an Existing Receiver
  2. Click Platform Settings.
  3. Enter custom settings for the selected platform.
    Figure 26. Custom Settings for Selected Platform
  4. Click Save.

Compliance Events

Events will be generated when a provisioned device’s running configuration or image is out of sync with the designed configuration or image on CloudVision via the system's continuous compliance checker. This can occur when configuration or an image is pushed to a device outside of CloudVision, which prevents CloudVision from being the source of truth for device configuration.

Alerts will continue to be shown in Inventory, Compliance Overview, and Network Provisioning when a device is non-compliant.

Device Running Config Out of Compliance

A Device Running Config Out Of Compliance event is generated when CloudVision detects that a device’s running config is out of sync with its designed config on CloudVision. The event layout will show the running and designed configuration, along with related information about the compliance of the device, including the bug/security advisory exposure of the device.

Figure 27. Device Running Config Out of Compliance

The event has a Warning severity.

Device Designed Config Out of Compliance

A Device Designed Config Out of Compliance event is generated when the designed configuration for a device is out of sync with a device’s running configuration. This occurs when configuration created on CloudVision has not been pushed to a device.

Figure 28. Device Designed Config Out of Compliance

The event has an Info severity.

Device Image Compliance

A Device Image Compliance event is generated when a device’s designed and running image are out of sync. You will need to upgrade the correct image for the device on CloudVision and, if required, push the image to the device.

Figure 29. Device Image Compliance

The event has a Warning severity.

Managing Events

You can manage an event by customizing event rules differently. Refer to the following examples:

Disabling All Events of the Selected Type

Perform the following steps to disable all events of the selected type:

  1. Navigate to the Generation Configuration screen.
  2. Click the required event type in the left pane.
  3. In the right pane, Click the + Add Rule button.
    Note: Retain only one rule with no values defined. To disable the event only for selected datasets, select appropriate devices tags in the Devices field.
  4. Select the Stop generating events and checking rules checkbox.
    The system disables all events of the selected event type.
    Figure 30. Disable All Events of the Selected Type
  5. Click Save in the left pane.

Disabling All Events of the Selected Type with Exception

Perform the following steps to disable all events of the selected type with exceptions:
  1. Navigate to the Generation Configuration screen.
  2. Click the required event type in the left pane.
  3. In the right pane, Click the + Add Rule button.
  4. In the Conditions pane, provide the device tags that you still want to generate an event for. The system creates rule 1.
    Note: If you need devices with different conditions, add another rule by repeating steps 3 and 4.
  5. Click the + Add Rule button.
  6. In the appropriate Conditions pane, select the Stop generating events and checking rules checkbox. The system creates rule 3.
    Note: If you skip steps 5 and 6, the system applies default rules to all device tags except the ones that are defined in rules 1 and 2.
    Figure 31. Disable All Events of the Selected Type with Exception

    The system disables all events of the selected type except the ones that are defined in rules 1 and 2.

Acknowledging Events

Acknowledging an event confirms that you are aware of the corresponding event and its consequences. By default, acknowledged events are hidden and do not send alerts.

Perform the following steps to acknowledge an event:
  1. Click the Events tab. The system displays the Events screen.
  2. Select preferred event(s) in the side panel.
  3. Click Acknowledge n in the upper right corner of the side panel.
    Note: n represents the count of selected events.
    The system displays the Acknowledgment Event window.
    Figure 32. Acknowledgment Event Pop-Up
  4. (Optional) Type a note for other users explaining the reason for the acknowledgment.
  5. Click Acknowledge n events where n represents the count of selected events.
    Note: For acknowledged events, the system replaces the Acknowledge button with Un-Acknowledge button. To undo the acknowledgment activity, Click Un-Acknowledge in the side panel of the acknowledged event.

Configuring Notifications

The event alerting system sends notifications for CVP events as they alert operating platforms that you have set up. Once you have customized the topology view for your network, provide the required information to configure the monitoring of notifications.

Perform the following steps to configure event alerts:

  1. Click the Events tab.
  2. Click Configure Notifications at the upper right corner of the Events section. The system displays the Notification Configuration screen.
  3. Configure the following entities:
  4. Click Save in the left pane

Configuring Status

The Status section configures monitoring the health of notification system.

Perform the following steps to configure the notification criteria:
  1. Click Status. The system displays the Status screen.
    Figure 33. Status Screen of Notification Configuration
  2. On the Test Alert Sender pane, provide the required criterion in Severity, Event type, and Device drop-down menus.
  3. If required, click Send Test Notification to verify current configuration.

Configuring Platforms

The Platforms section specifies what platforms will receive notifications.

Perform the following steps to configure preferred platforms:
  1. Click Platforms. The system displays the Platforms screen.
    Figure 34. Platforms Screen of Notification Configuration
  2. Configure any of the following platforms through which you prefer to receive notifications from CVP:
    • Email

      Provide the following information to receive email notifications:

      • Type your SMTP servers hostname and port number separated by a colon in the SMTP Host field.
        Note: Typically, the port numbers of SMTP and SMTP over TLS are 25 and 587.
      • Select the Use TLS for SMTP checkbox if you prefer to encrypt notifications received from and sent to the SMTP server.
      • Type the email address that you prefer to display as a sender in the Email "From" Address field.
        Note: We recommend an email address with the domain of your organization.
      • Type the username of your SMTP account in the SMTP Username field.
      • Type the password of your SMTP account in the SMTP Password field.
    • Slack

      Create a custom integration through the Incoming WebHooks Slack application and type the Webhook URL in the Slack Webhook URL field.

    • VictorOps
      • In your VictorOps settings, add a new alert integration for Prometheus and type the Service API Key in the VictorOps API Key field.
      • If required, type a custom API URL in the VictorOps API URL field.
    • PagerDuty

      If required, type a custom API URL in the PagerDuty URL field.

    • OpsGenie
      • Create an API integration for your OpsGenie team and type the API key in the OpsGenie API Key field.
      • If required, type a custom API URL in the OpsGenie API URL field.
    • Google Chat

      In Google Chat the Alerter will send a message containing one or more alerts and related information.Follow the steps in the Google Chat for Developers Guide to create a webhook, use the webhook URL to configure the Google Chat platform on CloudVision.

    • Microsoft Teams

      In MS Teams the Alerter will send a message containing one or more alerts and related information.Follow the steps in the Microsoft Teams - Create Incoming Webhooks - document to create a webhook, use the webhook URL to configure the Microsoft Teams platform on CloudVision.

    • Zoom

      In Zoom the Alerter will send a message containing one or more alerts and related information.Add webhooks and get configuration information using the guide Using Zoom's Incoming Webhook Chatbot, once you have the URL and verification token you can enter them into the Zoom platforms settings on CloudVision.

    • Sendgrid

      Sendgrid is also available as an alternative to email.On CVaaS, Sendgrid requires no configuration, while for on-prem installations Sendgrid requires an API key and from address. It uses the same content templates as Email.

    • Syslog

      The Alerter will send a syslog message for each CVP event. The syslog facility must be set in the configuration. The syslog priority is mapped from the CVP severity and this mapping may be customized in the configuration.

      Syslog messages are formatted with the following values:
      • Timestamp: The time that the event fired/was resolved.
      • Hostname: a comma-separated list of device hostnames from the devices the event is related to.
      • Facility: from user configuration.
      • Severity: mapped from CVP severity according to user configuration.
      • Appname: tag from user configuration.
      • Message: $devices: $eventType - $description, $time
    • SNMP

      The Alerter will send an SNMP trap for each CVP event, this supports SNMPv1, SNMPv2c and SNMPv3.The OID of the SNMP Trap will use an OID from an Arista CloudVision Alerter specific MIB ARISTA-CV-MIB.txt, the message is a string message containing the necessary information.

Configuring Receivers

The Receivers section configures a receiver for each preferred team to send notifications and link receivers to notification platforms.

Perform the following steps to add new receivers:
  1. Click Receivers. The system displays the Receivers screen.
    Figure 35. Receivers Screen of Notification Configuration
  2. Click Add Receivers at the end of the screen.
  3. Type receiver's name in the Receiver Name field.
    Figure 36. Add Receiver Pane
  4. Click the Add Configuration drop-down menu.
  5. Select any of the options in following table and provide the required information to link alert receivers with alerting platforms.
    Table 1. Configuration Options
    Configuration Options Required Information
    Add Email Configuration

    • Type recipient's email address in the Recipient Email field.

    • If required, select the Send alert when events are resolved checkbox.

    Add VictorOps Configuration

    • Type a routing key in the Routing Key field.

    • If required, select the Send alert when events are resolved checkbox.

    Add PagerDuty Configuration

    • Type a routing key in the Integration Key field.

    • If required, select the Send alert when events are resolved checkbox.

    Add OpsGenie Configuration Select the Send alert when events are resolved checkbox.
    Add Slack Configuration

    • Type a channel in the Channel field.

    • If required, select the Send alert when events are resolved checkbox.

    Add Pushover Configuration

    • Type a recipient's user key in the Recipient User Key field.

    • Type a pushover API token in the Application API Token field.

    • If required, select the Send alert when events are resolved checkbox.

    Add Webhook Configuration

    • Type the URL where you prefer to post event alerts in the Target URL field.

    • If required, select the Send alert when events are resolved checkbox

    Note: Click the recycle bin icon at the right end of corresponding fields if you prefer to delete that configuration. Click Delete Receiver next to Add Configuration if you prefer to delete the corresponding receiver.

Configuring Rules

The Rules section customizes notifications that are sent to receivers.

Perform the following steps to add a new rule:

  1. Click Rules. The system displays the Rules screen.
    Figure 37. Rules Screen of Notification Configuration
  2. Click Add Rules. A new Rules Conditions pane is displayed on the screen.
    Figure 38. Rule Conditions Pane
  3. Next to Add Conditions, click Severity, Event Type, Device, and Device Tags to provide the criteria that are used for monitoring the health of the alerting system.
    Note: Click Remove at the end of a field to delete that configuration.
  4. Select the required receiver from the Receiver drop-down menu.
  5. Select required checkboxes among Severity, Event Type, Device, and Interface to group similar events into a single alert.
  6. Select the Continue checking lower rules checkbox to continue checking for alerts if this event matches subsequent rules.
  7. Click Move up if you prefer to move this rule up in the priority list.
    Note: Rules are processed sequentially. The default rule is applied only when an event does not match any other rules. Click Delete rule to delete the corresponding rule. Click Move down in configured rules to move the corresponding rule down in the priority list.