Sys Maintenance: Filter Event Sources

Document created by RSA Information Design and Development on May 12, 2016Last modified by RSA Information Design and Development on May 12, 2016
Version 2Show Document
  • View in full screen mode
 
  

You can choose a filter to display:

  • Events belonging to a particular event source
  • Events belonging to particular event source types
  • Events collected from a particular log Collector
  • Events list arranged in a order based on the Event Source Type, Log Collector, Log Decoder or Last Event Time. 

Procedure

To filter the list of event sources:

  1. In the Security Analytics menu, select Administration > Health & Wellness.
  2. Select Event Source Monitoring.
  3. Filter the list in one of the following ways:
  • To view the events generated by a particular event source, type the required event source in the Event Source field. Select Regex to enable Regex filter and click Apply. It performs a regular expression search against text and lists out the specified category. This field also supports globbing pattern matching.
    All events generated by the Event Source specified are displayed.
    esm_customize.PNG
  • To view events collected from a particular Log Collector, select a Log Collector from the drop-down list and click Apply.
    A list of all events being collected from the specified Log Collector from various event sources is displayed.

Note: Similarly you can also choose the following filters:
- To view events belonging to an event source type, select the event source type and click Apply.
- To view events received in a specified time frame, select the required time frame and click Apply. You can further filter the query results to contain only event sources that logs have been received from within the selected time or the query results to contain only event sources that logs have not been received from within the selected time.

For details on various parameters and description see Event Source Monitoring View .

Attachments

    Outcomes