Manage Pending Log Sources
From the Log Sources grid, you can also accept, reject, or delete pending log sources. Log sources may end up in the pending panel if a) no existing matching log source was found to associate with the pending log source, or b) multiple possible existing log sources could be associated with the pending log source.
Accept Pending Log Sources
To accept a pending log source:
From the Pending Log Sources panel, navigate to the row associated with the log source you wish to accept.
In the Actions column, click +.
To accept multiple pending log sources at once, select each log source to be accepted by checking the box for each log source’s row in the Check All column, and then open the Actions drop-down at the top of the panel and select Accept.
A maximum of 1000 pending log sources can be accepted at a time.
Click Accept to confirm you wish to accept the log source.
The Accept Log Sources window appears.Enter the following information. Fields marked with an asterisk (*) are required.
Field | Description | |
|---|---|---|
Entity | Open the drop-list and select the entity to which to map the log source during acceptance. | |
Log Source Type * | Open the drop-list and select the log source type for the new log source(s). | |
Processing Mode | Open the drop-list and determine whether MPE Processing and Event Forwarding are enabled or disabled for this log source. If enabled, Event Forwarding marks matching logs as an event and stores them in the Platform Manager Database. | |
MPE Policy * | Select the created MPE Policy you wish to use for the collection of the log source. | |
Enable Silent Log Source Alerts | Check the box to enable silent log source alerts. This option will issue a configurable warning and/or error message after logs have not been collected via the log source for a certain amount of time. | |
Issue Warning After | Enter the amount of hours and/or minutes after which a warning will be issued for a silent log source. | |
Issue Error After | Enter the amount of hours and/or minutes after which an error will be issued for a silent log source. | |
Do not archive | If checked, matching logs are not stored in offline archives. | |
Drop whole log | If checked, whole logs are not stored. | |
Drop raw log | If checked, raw logs are not stored. | |
Click Accept.
The log source(s) is successfully created and added to the Log Sources grid.
Reject Pending Log Sources
To reject a pending log source:
From the Pending Log Sources panel, navigate to the row associated with the log source you wish to reject.
In the Actions column, click -.
To reject multiple pending log sources at once, select each log source to be rejected by checking the box for each log source’s row in the Check All column, and then open the Actions drop-down at the top of the panel and select Reject.
A maximum of 1000 pending log sources can be rejected at a time.
Click Reject to confirm you wish to reject the log source(s).
The log source(s) is successfully rejected.
Rejected log sources can be viewed within the Pending Log Sources panel by checking the Show Rejected Log Sources option at the top of the screen.
Delete Rejected Log Sources
To delete rejected log sources:
From the Pending Log Sources panel, ensure the Show Rejected Log Sources option at the top of the screen is checked.
Navigate to the row associated with the rejected log source you wish to delete.
In the Actions column, click the Trash icon.
To delete multiple rejected log sources at once, select each log source to be deleted by checking the box for each log source’s row in the Check All column, and then open the Actions drop-down at the top of the panel and select Delete.
A maximum of 1000 rejected log sources can be deleted at a time.
Click Delete to confirm you wish to delete the log source(s).
The log source(s) is successfully deleted.
Column Descriptions
The following additional columns are visible in the Pending Log Sources panel. Clicking any column header sorts by that metric.
Column | Description |
|---|---|
Status | The following are the possible statuses that may appear in this column: Incomplete. The new log source has not been identified by the system yet. The user can act on the record now, or wait for the system to finish identifying it. When finished, the record status will be changed to Pending; however, the user will have to manually refresh the list to see the latest values from the database. Pending. The new log source is waiting for the user to accept or reject it. Rejected. The user has rejected the new log source. You should disable transmission of logs from the sending device prior to deleting the acceptance record or another pending log source will be generated. |
Search Scope | The search scope associated with the search result. For example, if duplicates were found at the Root Entity level, then this field would display Root Entity, even though the System Monitor might be configured for Global search scope. For information on changing the search scope of a System Monitor, see Set the Log Source Identification Search Scope. |
Search Result | The reason the Log Source search failed and a new log source acceptance record was created. There are two possible values: No matching log source found, or multiple matching log sources found. |
Log Host Name | The computer or device name that was either parsed out of the log message or determined by the message origin. May be blank. |
Device IP Address | The IP address that was either parsed out of the log message or determined by the message origin. May be IPv4 or IPv6, but never both. May be blank; however, either the log host or the IP address must be known. They cannot both be blank. |
Name | Name of the log source. |
Collection Host | Host performing the collection. |
Log Interface | This is the interface associated with the log, such as Syslog. |
Last Time Seen | The most recent time a request for this log source was received. Used to verify that requests are no longer being received prior to deleting the record. This value must be manually refreshed. |