Create Pattern Match Log Source Acceptance Rules

 Only Global Admins or Restricted Admins with elevated View and Manage privileges can take this action.

1. On the main toolbar, click Deployment Manager.
2. On the Tools menu, click Administration, and then click Automatic Log Source Acceptance Rule Manager.
   The Automatic Log Source Acceptance Rule Manager appears.

3. Click New, and then click Log Message Pattern Match Rule.
   The Automatic Log Source Acceptance Configuration dialog box appears.

4. In the Rule Name box, type a descriptive name for the rule.

5. To add a new regex pattern, click Add.

6. Type or paste the regex to use for matching log messages in the box that appears, and then click Save.

7. Repeat steps 5 and 6 to add more regex patterns.

   

   There is no limit to the number of patters you can add, but performance is best when using no more than three. Messages are evaluated against all regex patterns, top to bottom, until a match is found or until all patterns have been evaluated.

   

   To modify an existing pattern, double-click the pattern, modify it in the box that appears below the grid, and then click Update. Alternatively, select the Action check box to the left of the pattern, right-click the grid, and then click Update. To delete an existing pattern, select the Action check box to the left of the pattern, right-click the grid, and then click Delete.

8. Modify the remaining configuration parameters for the new rule, as follows:

   Parameter	Description
   Log Interface Type	Select a Log Interface Type from the following values: Syslog, Netflow, SNMP TrapReceiver, or sFlow. Your selection filters the Log Source types that are available in the Log Message Source Type list.
   Log Message Source Type	If the Automatically Identify Log Source Type option is enabled, select the specific Log Message Source Type to apply to Log Sources that match this rule. If you know the name of the log message source, begin typing it to filter the available options. Otherwise, click the arrow to scroll through all options.
   Log Message Processing Engine (MPE) Policy	Select the MPE Policy to be applied to Log Sources that match with this rule.
   System Monitor Entity	Click the ellipses [...] button to select the System Monitor Entity from which the log sources can originate. To allow multiple entities, press Ctrl and select each entity you want. If you have one entity selected and want to add another, click the ellipses [...] button, and then select all entities you want, including the original.
   Target Entity for Automatically Accepted Sources	Click the ellipses [...] button to select the host entity to which the new log source will be assigned. Note the following conditions: The default is the Collection System Monitor Entity. If you select a different entity and then want to restore the default, click the ellipses [...] button, do not select any options, and then click OK. You can only select one target entity. Using the Select All options in the Edit menu will not have any result. Make sure you understand how search scope works so that you select an appropriate target entity.
   Automatically Resolve Host	Select this check box if you want to perform automatic host resolution on Log Sources that match this rule. Enabling this option does not automatically accept matching Log Sources.
   Automatically Identify Log Source Type	Select this check box if you want to apply the Log Source type that is selected in the Log Message Source Type list. Enabling this option does not automatically accept matching Log Sources.
   Automatically Accept Sources	Select this check box if you want to automatically accept Log Sources that match this rule.

9. When you are finished configuring the rule, click OK.