Skip navigation

Log in to create and rate content, and to follow, bookmark, and share content with other members.

Syslog Event Filters View for Remote Collector

Document created by RSA Information Design and Development on Nov 22, 2016•Last modified by RSA Information Design and Development on May 4, 2017

Version 9Show Document

Like • Show 0 Likes0
Comment • 0
View in full screen mode

This topic describes the parameters in the Syslog Filters view.

To access the Syslog Filters view:

In the Security Analytics menu, select Administration >Services.
In the Services grid, select a Log Collector service.
Click under Actions and select View > Config.
In the Log Collector Event Sources tab, select Syslog/Filters from the drop-down menus.
The Filters view displays the Syslog filters that are configured, if any.

Features

The following table describes the Syslog Filters view parameters.

Field	Description
Key	Valid values are: Syslog level Source IP Raw Event
Operator	Valid values are: Contains Equals
Use Regex	Optional. You can select this if you want to use regex.
Value	Value depends on the key value you selected. For example if you choose Syslog level for Key, the value will be a number that denotes the syslog level.
Ignore case	Optional. Select this to ignore the case sensitivity.
Action	If there is a match you can choose an action to accept, drop, next condition or next rule. If there is no match you can choose an action to accept, drop, next condition or next rule.

Tasks

Configure Syslog Event Sources for Remote Collector

Previous Topic:Log Collection Event Sources Tab

Next Topic:Syslog Event Source Configuration Parameters for Remote Collector

You are here

Table of Contents > Log Collection Configuration Guide > Reference - Configuration Parameters Interface > Log Collection Parameters > Log Collection Event Sources Tab > Syslog Event Filters View for Remote Collector

Attachments

Outcomes

0 Comments

Recommended Content

Incoming Links