====== Audit logs ======

Monitoring the audit logs makes it possible to detect suspicious activity.

===== Configuration hints =====

  * Use this monitor to watch audit logs and report selected events
  * You can select the following types of events to monitor:
    * Task start
    * Report start
    * RFC start
    * RLogon events
    * User Management
    * Log level
    * System events
    * Logon events
  * For each kind of event, you can tailor the monitoring response using filters on the following elements:
    * Client
    * TCODE
    * Program
    * User
    * Message
  * You can choose the thresholds for alarm triggering based on the number of events matching a rule within a given period
  * **Note:** Audit logs must be active on the system

==== Surveillance table ====

^Parameter^Description^
^Active|To enable or disable a rule|
^Client|To filter results for a specific client. You can use regular expressions|
^Tcode|To filter results for a specific transaction. You can use regular expressions|
^Program|To filter results for a specific program. You can use regular expressions|
^User|To filter results for a specific user. You can use regular expressions|
^Message|To filter results for a specific message. You can use regular expressions|
^Max Log|Threshold on the number of events for triggering an alarm|
^Aggregates|If set to true, only one alarm is sent for all events matching the filter. If set to false, one alarm is sent per event.|
^Severity|The severity of the alarm generated if the threshold is breached.|
^Auto clear|If checked, the alarm is cleared as soon as the alarm condition is no longer met.|
^Alarm tag|A field to use if you want to prefix the alarm message with a given text.|
^Alarm|Enable/disable alarm sending|
^Metadata|Enable/disable metadata sending|
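
The sketch below is an added example, not the product's own code: it models how one surveillance-table rule could be evaluated against the audit events of one monitoring period, so you can dry-run filters and thresholds before enabling a rule. It assumes that all filters are combined with AND, that each regular expression must match the whole field, and that the alarm fires when the number of matches exceeds Max Log; the events, the ''MAJOR'' severity value and the ''[SEC]'' tag are constructed sample values.

```python
import re
from dataclasses import dataclass

FIELDS = ("client", "tcode", "program", "user", "message")

# Constructed sample audit events (illustrative values, not real log data).
EVENTS = [
    dict(client="100", tcode="SU01", program="ZDEMO_A", user="ADMIN1", message="User DEMO01 created"),
    dict(client="100", tcode="SU01", program="ZDEMO_A", user="ADMIN1", message="User DEMO02 created"),
    dict(client="100", tcode="SU01", program="ZDEMO_A", user="BATCH01", message="User DEMO03 created"),
    dict(client="200", tcode="SU01", program="ZDEMO_A", user="ADMIN1", message="User DEMO04 created"),
    dict(client="100", tcode="SM59", program="ZDEMO_B", user="ADMIN1", message="RFC destination changed"),
]

@dataclass
class Rule:
    """One surveillance-table row; an unset filter matches everything."""
    active: bool = True
    client: str = ".*"
    tcode: str = ".*"
    program: str = ".*"
    user: str = ".*"
    message: str = ".*"
    max_log: int = 0
    aggregates: bool = True
    severity: str = "MAJOR"   # constructed severity label
    alarm_tag: str = ""

def matches(rule, event):
    # Assumption: all filters are ANDed and each regex must match the whole field.
    return all(re.fullmatch(getattr(rule, f), event[f]) for f in FIELDS)

def evaluate(rule, events):
    """Return the alarm messages raised for the events of one monitoring period."""
    if not rule.active:
        return []
    hits = [e for e in events if matches(rule, e)]
    # Assumption: the threshold is breached when the match count exceeds Max Log.
    if len(hits) <= rule.max_log:
        return []
    prefix = f"{rule.alarm_tag} " if rule.alarm_tag else ""
    if rule.aggregates:
        return [f"{prefix}[{rule.severity}] {len(hits)} audit events matched"]
    return [f"{prefix}[{rule.severity}] {e['user']} {e['tcode']}: {e['message']}" for e in hits]

if __name__ == "__main__":
    rule = Rule(client="100", tcode="SU0[1-9]", user="ADMIN.*", message=".*created",
                max_log=1, alarm_tag="[SEC]")
    print(evaluate(rule, EVENTS))
```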