How to filter specific syslog IDs from being displayed in GMS/Analytics reports

Description

Syslog Exclusion Filter


The Syslog Exclusion Filter allows you to select what fields and operators to use for filtering the syslog database.

New or changed filters are picked up by the Summarizer every 15 minutes and applied to the global syslog settings. To enforce a change immediately, reboot the server.

The Syslog Exclusion Filters function in a manner similar to applying an exclusion filter to a single Firewall, but are applied to all appliances.


To add a filter, complete the following steps:


1 - Click Reports > Syslog Filter


2 - Click Add a Filter. The Add Filter menu appears.


3 - Select the syslog field name, and an operator and value, for the field you wish to exclude. Then select the level of Deployment: Appliance, Agent, or full Deployment.

If you select Appliance, you are prompted for the type of appliance: Firewall or SMA. If you select Agent, you are prompted to select from a list of agents (only used for GMS).

 

4 - Click Update.


You can also click the pencil in the Configure column to edit an existing filter setting. If this setting is grayed-out in the Configure column, the filter is a default system filter.

These defaults cannot be configured or deleted.

Syslogs are stored in the database without filtering, so the filters in the Syslog Exclusion Filter apply only to values displayed in Reports.
