Verba provides the capability to configure alerts based on specific user actions in the web interface. The Audit Log Alerts feature can be found under the System \ Audit Log Alerts menu (under the Monitoring section).

In order to access this menu item, the user must have at least Read level access at the Audit Log Alerts permission. For further details, see User roles and User permissions.

Audit Log Alert Rules List

Once a user goes to the System \ Audit Log Alerts menu, it lands on the Audit Log Alert Rules list page. On this page, it's possible to filter the rules based on name or alert title, or order based on several properties.

The list of the rules can be also exported as XLS, RTF or PDF on the bottom of the page.

Adding a new Audit Log Alert Rule

A new Audit Log Alert Rule can be added by clicking on the Add New Audit Log Alert Rule link in the upper right corner ow the Audit Log Alert Rules List page.

The following table describes the properties of the Audit Log Alert Rules:

Property name	Description
Name	The name of the Audit Log Event Rule.
Alert Severity	The alert will be created with the severity selected here. The severity also defines the Trap OID and Event ID (see the section below). The available severities are: Fatal Critical Error Warning Notification
Alert Title	In the Windows Event Log, the alert data will contain a custom title provided here. This title will be picked up, and will be shown in SCOM as the title of the alert. Different properties of the Audit Log Events can be provided as variables: ${EVENT} ${USER} ${TIME}
Alert Message	The alert will be created with the message provided here. Different properties of the Audit Log Events can be provided as variables: ${EVENT} ${USER} ${TIME} ${DETAILS}
Event Regexes	The alert will be triggered when the name of the Audit Log Event matches the regex provided here. Besides this, the alert will be triggered also based on the values provided in the Events list (below).
Events	The alert will be triggered when one of the selected events happen. Events can be added with the >> icon, or removed from the list with the << icon. Besides this, the alert will be triggered also based on the regex provided in the Event Regexes (above).
Users	The alert will be triggered only for the users provided here.
Groups	The alert will be triggered only for the groups provided on the list. Groups can be added with the >> icon, or removed from the list with the << icon.
Event Detail Content Filters	The alert will be triggered only if the Audit Log Event details are matching to the filters provided here. A new filter can be added with the icon. If multiple filters are provided, then there will be AND logic between them. The Regex checkbox defines whether the provided values are regexes or not. The filter will match if the details of the Audit Log Event contain the value provided in the Matches Any of These textbox. If multiple lines are provided, then there will be OR logic between the lines.

Once the Audit Log Event Rule is configured, it can be saved by clicking on the Save button.

Alerts generated based on the Audit Log Alert Rules

There are five types of alerts defined, based on the severity of the alert:

Alert Name	Severity	Trap OID	Event ID
Audit Log Fatal	Fatal	1.3.6.1.4.1.39067.118.9.1	18901
Audit Log Critical	Critical	1.3.6.1.4.1.39067.118.9.2	18902
Audit Log Error	Error	1.3.6.1.4.1.39067.118.9.3	18903
Audit Log Warning	Warning	1.3.6.1.4.1.39067.118.9.4	18904
Audit Log Info	Info	1.3.6.1.4.1.39067.118.9.5	18905