Syslog Event Filters View for Remote Collector

Document created by RSA Information Design and Development Employee on Nov 22, 2016Last modified by RSA Information Design and Development Employee on May 4, 2017
Version 9Show Document
  • Comment0
  • View in full screen mode
  

This topic describes the parameters in the Syslog Filters view.

To access the Syslog Filters view:

  1. In the Security Analytics menu, select Administration >Services.
  2. In the Services grid, select a Log Collector service.
  3. Click Actions menu cropped under Actions and select View > Config.
  4. In the Log Collector Event Sources tab, select Syslog/Filters from the drop-down menus.
    The Filters view displays the Syslog filters that are configured, if any.

Features

The following table describes the Syslog Filters view parameters.

                                 
FieldDescription
KeyValid values are:
  • Syslog level
  • Source IP
  • Raw Event
OperatorValid values are:
  • Contains
  • Equals
Use RegexOptional. You can select this if you want to use regex.
ValueValue depends on the key value you selected.
For example if you choose Syslog level for Key, the value will be a number that denotes the syslog level.
Ignore caseOptional. Select this to ignore the case sensitivity.
ActionIf there is a match you can choose an action to accept, drop, next condition or next rule.
If there is no match you can choose an action to accept, drop, next condition or next rule.

Tasks

Configure Syslog Event Sources for Remote Collector

You are here
Table of Contents > Log Collection Configuration Guide > Reference - Configuration Parameters Interface > Log Collection Parameters > Log Collection Event Sources Tab > Syslog Event Filters View for Remote Collector

Attachments

    Outcomes

      Visibility: RSA Security Analytics 10.6.2201 Views
      Last modified on May 4, 2017 4:00 PM
      Ratings: