NSS feeds for alert logs

You can configure a separate feed for alerts, so you can monitor the NSS. You can select the level at which alerts will be sent: Warning, Critical, or both. You can select multiple alert levels. 

To configure a feed for alerts:

1. Go to Administration → Nanolog Streaming Service.
2. On the NSS Feeds tab, click Add NSS Feed. The Add NSS Feed window appears.

3. On the Add NSS Feed window, enter the following information:

   Field	Information
   Feed Name	Enter or edit the name of the feed. Each feed is a connection between NSS and your Devo Relay.
   NSS Type	Select which type of feed you are configuring. NSS for Web is selected by default.
   NSS Server	Choose an NSS from the list.
   Status	The NSS feed is Enabled by default. Click Disabled if you want to activate it later.
   SIEM Destination Type	The type of destination. Choose between: SIEM IP Address - Enter the IP address of the Devo Relay to which the logs are streamed.  FQDN - (optional) Enter the destination for the TCP connection to which the logs are streamed. This allows failover from one IP to the other without manual intervention, but rather relying on updating the DNS entry. NSS will re-resolve the FQDN only when the existing connection goes down. This feature cannot be used for DNS-based load balancing.
   SIEM TCP Port	Enter the port number of the Devo Relay to which the logs are streamed. If you are using the proposed TCP configuration, type 13003.
   Log Type	Choose Alerts.

4. Select at which levels alerts will be sent: Critical, Warn, or both. You can select multiple alert levels. Click Save.

5. Click Save and activate the change.