The Event Source Monitoring view consists of the Event Source panel, Add/Edit Source Monitor dialog, Decommission panel, and the Decommission dialog. You use the view to configure:
- When to generate notifications for event sources from which the Log Collector is no longer receiving logs.
- Where to send those notifications.
- When to decommission a Log Collector when a Remote Collector and the Local Collector fails over to a standby Log Decoder.
The required role to access this view is Manage SA Auditing. To access this view:
- In the Security Analytics menu, select Administration > Health & Wellness.
- Select Settings > Event Source.
The Event Source tab is displayed.
For the related procedure, see Configure Event Source Monitoring.
Event Source Monitoring Panel
Add/Edit Source Monitor Dialog
In Add/Edit Source Monitor dialog, you add or modify the the event sources that you want to monitor. The two parameters that identify an event source are Source Type and Source Host. You can use globbing (pattern matching and wildcard characters) to specify the Source Type and Source Host of event sources as shown in the following example: