Configure a Log Source

To configure a new Windows Event Log or Syslog source:

1. Select SETTINGS > Log Management > Log Data Source Setup from the main menu to launch the Log Data Source Setup interface.
2. First, click , then select either Windows Event Log or Syslog from the options displayed.
3. Click within the Add Device to Collect Logs dialog, then browse to and select a device using the group/device selector provided.
4. When you've selected the device you want to use as a log source, click Apply.

   Tip: You may select multiple devices by holding the Ctrl key when clicking device names/IP addresses.

   Tip: If you are configuring WinEvent Log collection, you can click Test to validate the associated credential to ensure log data will be successfully collected from the selected device(s).

5. Click Next.
6. Choose which logs to collect and which ingestion filter to apply.
   • If you are configuring WinEvent Log collection, you have several options to consider. First, use the radio buttons to collect Standard logs only or Specific logs. When Standard logs only is enabled, use the checkboxes provided to tag Application, System, and or Security log data for collection. When Specific logs is enabled, use the checkboxes provided to select individual logs by name. Both options allow for ingestion filter application per log type and a Bulk apply ingestion filter control which applies a single ingestion filter to all items displayed within the dialog.
   • If you are configuring Syslog collection, simply select the ingestion filter you want to apply to each log source using the applicable drop-down menu.
7. When finished, click Save.

The log source(s) you've configured now appear in the main Log Data Source Setup dialog. In addition to being the launching point for configuring a new log source, this interface also allows you to edit and remove log sources as well as enable/disable log sources and apply a single ingestion filter to multiple (WinEvent) log sources using the Bulk apply ingestion filter control.

Please note the following specific to the Bulk apply ingestion filter feature:

• If your device selection contains a single log type and the selected filter is of the same type, all logs are updated.
• If your device selection contains a single log type and the selected filter is not the same type, a message indicating, “No selected log sources match the type of the ingestion filter.” is displayed.
• If your device selection contains a multiple log types, the selected filter is applied to all logs in the device selection which match the filter type.

Tip: The Bulk apply ingestion filter feature respects results returned when using the Search field at the top of the dialog. By default, the bulk filter is applied to all logs of the selected ingestion filter type. To apply a bulk ingestion filter change to a specific log name, use the Search field to identify and select the target log name prior to filter application.

You can also access this workflow directly from the Logs tab on the Device Properties interface. When viewing Device Properties for a device you'd like to configure as a log source, select the Logs tab, then proceed with the same steps described previously beginning with clicking the icon. If you configure log data collection from Device Properties, it's important to note the Add Device to Collect Logs dialog is automatically populated with the device as the potential log source; no device selection is necessary, so the group/device selector tool cannot be accessed in this scenario.

See Also Log Management About Log Management Log Management Settings Creating filters Configuring a Log Management Filter Frequency Threshold Log Management Dashboard Log Viewer (Full Page Report)