In deployments where the number of new Log Sources is high, administrators can configure various levels of automatic Log Source acceptance, as follows:
- Automatically Resolve Log Source Host
- Automatically Identify the Log Source Type
- Automatically Accept the Log Source (includes host resolution and identification of Log Source type)
You can create one or more rules to be used to evaluate incoming Log Sources. Acceptance can be based on the IP address of a new Log Source, or on regular expression pattern matching. You can have multiple rules enabled, and you can use the Log Source Acceptance Rule Manager to enable or disable rules, or change the priority of rules.
Auto-Acceptance and Search Scope
When the Target Entity is specified for an automatic log source acceptance rule, it is important to ensure the log source search scope is set appropriately for the System Monitor that initiates the auto-acceptance. The log source is processed as follows:
- If the Target Entity is in the System Monitor's search scope, the log source and host are created in the Target Entity.
- If the Target Entity is not in the System Monitor’s search scope, the log source goes into the acceptance table where it can be manually accepted. An ERROR log is written to the scmedsvr.log file indicating what the scope problem is and how to remedy it.
- If the System Monitor’s search scope is set to System Monitor, an ERROR log is written to the scmedsvr.log file indicating what the scope problem is and how to remedy it. The System Monitor search scope only provides access to the log sources that System Monitor owns. Therefore, it cannot verify that there is no other host or log source with that IP address, so the auto-acceptance is rejected to prevent creating duplicates in the Target Entity.
For information on changing the search scope of a System Monitor, see Set the Log Source Identification Search Scope.