You must be logged in as an Administrator to take this action.
-
On the main toolbar, click Deployment Manager.
-
Select the Log Processing Policies tab.
-
Click the New icon on the toolbar.
The Log Source Type Selector window appears. -
Select a Record Type Filter.
-
In the Log Source Type list, select a Log Source Type.
-
Click OK.
The MPE Policy Editor window appears. -
Enter a policy name.
-
(Optional) Enter a description.
-
Enable the selected rules:
-
Select the box in the Edit column of each rule you want to enable.
-
Right-click and select Properties from the context menu.
-
Enter the appropriate information in the MPE Policy Rule Editor:
-
Check Enabled to allow further selections in this window.
-
Check Override Log Source Management Settings to allow selection from the list.
-
Don't Archive. Do not write a copy of the logs to archives.
-
Drop Whole Log. Log messages are not indexed.
-
Drop Raw Log. Only log meta-data are indexed.
-
-
(Optional) Under Log Processing Settings, select Disable Automatic Host Contextualization (AHC).
-
Under Platform Manager Settings:
-
Select Log should be forwarded as event.
-
Select the Risk Rating and /or the False Alarm Rating for the forwarded logs.
-
-
Under LogMart Settings, select the Override Log Source LogMart setting check box.
Global Log Processing Rule Manager can override sending logs to LogMart.
-
(Optional), click Advanced to display the LogMart Record Fields window where you can specify fields to store in the LogMart record.
-
-
-
Click OK when you are finished.
You return to the MPE Policy Rule Editor window. -
(Optional) Enable Allow Automatic MPE Rule Sorting.
-
Click OK.
The new policy appears in the list, ready for assignment to a log source.