You can change an event rule's event, action, trigger condition and other settings, if any.
Exception: Events and actions selected in the built-in event rules are not changeable, including System Event Log Rule, System SNMP Notification Rule, System Tamper Detection Alarmed, and System Tamper Detection Unavailable.
On the Rules tab, select the event rule that you want to modify and click Edit, or simply double-click that rule.
To disable the event rule, deselect the Enabled checkbox.
To change the event, click the desired tab in the Event field and select a different item from the pull-down menu or submenu.
For example, in a user activity event rule for the "admin" user, you can click the "admin" tab to display a pull‑down submenu showing all user names, and then select a different user name or all users (shown as <Any user>).
If the 'Trigger condition' field is available, you may select a radio button other than the current selection to change the rule triggering condition.
To change the action(s), do any of the following in the Actions field:
To add any action, select it from the "Available actions" list box, and click . To make multiple selections, press Ctrl+click or Shift+click to highlight multiple ones.
To add all actions, click .
To remove any action, select it from the "Selected actions" list box, and click to move it back to the "Available actions" list box. To make multiple selections, press Ctrl+click or Shift+click to highlight multiple ones.
To remove all actions, click .
To create a new action, click Create New Action. The newly created action will be moved to the "Selected actions" list box once it is created. See Creating Actions for information on creating an action.
Click OK to save the changes.
Note: If you do not click OK before quitting the current settings page, a message appears. Then click Yes to save the changes, Discard to abort or Cancel to return to the current settings page.