Suppress certain logs
I would like to neglect certain logs so that they are not captured in the log collector, where I could see a lot of unnecessary logs being captured in investigation. Are there any ways we can filter them so they are not captured, or neglect such kinds of logs being logged in SA?
Have a look at the URL below, which mentions the Event filter at the Log collection layer. Hope this helps. Though it talks only about event ID or logging level filters, this should help you in some cases if you know what logs to filter.
Currently it works with the filters below:
- Syslog level
- Source IP
- Raw Event
For other collection methods: Event ID (EventID)
But the SA version I am currently using is 10.6.
So I can't find matching steps as shown in the link. It would be appreciated if you could get me the appropriate version.
Thanks in advance.