Skip to main content
Skip table of contents

Add Multiple Log Sources

 Only Global Admins and Restricted Admins with elevated View and Manage privileges can take this action.

You can add Flat File and Windows Event log sources in batch from the System Monitors tab within Deployment Manager. This is helpful when you want to add a single log source type to multiple agents at one time instead of adding them individually to each agent. 

  1. On the main toolbar, click Deployment Manager.
  2. Click the System Monitors tab.
  3. Select the Action check box for the Agents to which you want to add a Log Source.

    The number of Agents that can be updated at one time may be restricted. For more information, see Limit the Number of Agents Available for Batch Updates.

    Be sure the Agents that receive load balanced log sources are configured to communicate with all Mediators that are used for load balancing for that set of Agents. Configuring these Agents to communicate with only some of the Mediators in the set will result in errors. For more information, see Load Balancing.

  4. Right-click the System Monitors grid, click Actions, and then click one of the following:

    • Add Windows Event Log Source. All selected agents must be Windows. In addition, they must all be Pre Vista (XP/2000/2003) or Vista + (Vista/Win 7/2008).

    • Add Flat File Log Source. All selected agents must either be Windows or Unix.

    The Log Source Type Selector window appears.

    Only the log sources of the associated type appear. For example, if you select Windows Event Log Source, only Windows Event Log Source types appear.

  5. Select the Log Source Types you want, and then click OK.
    The Log Source Settings dialog box appears. If multiple Log Source Types are selected, the first highlighted record is used.

    You can only edit certain values in the Basic Configuration tab.

  6. Select the Log Message Processing Settings.

  7. Click the Additional Settings tab and enter the appropriate settings.

  8. Click the Additional Info tab and enter additional information in text form for this log source.

    For Windows Event Log Source types, you can add an XML query to the Event Log Filter text box. For more information, see the Additional Info Tab table in Add a Single Log Source.

  9. To save the record, click OK or to exit without saving changes, click Cancel.
    The Log Sources appear within the agent properties and also on the Log Sources tab.

After a System Monitor Package has been loaded into the LogRhythm Client Console, it must be scheduled for application. For more information, see System Monitor Package Manager.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.