Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

Adding a Log Source

 

If a log source is not automatically discovered, you can manually add a log source to receive events from your network devices or appliances.

The following table describes the common log source parameters for all log source types:

Table 1: Log Source Parameters

Parameter

Description

Log Source Identifier

The IPv4 address or host name that identifies the log source.

If your network contains multiple devices that are attached to a single management console, specify the IP address of the individual device that created the event. A unique identifier for each, such as an IP address, prevents event searches from identifying the management console as the source for all of the events.

Enabled

When this option is not enabled, the log source does not collect events and the log source is not counted in the license limit.

Credibility

Credibility is a representation of the integrity or validity of events that are created by a log source. The credibility value that is assigned to a log source can increase or decrease based on incoming events or adjusted as a response to user-created event rules. The credibility of events from log sources contributes to the calculation of the offense magnitude and can increase or decrease the magnitude value of an offense.

Target Event Collector

Specifies the JSA Event Collector that polls the remote log source.

Use this parameter in a distributed deployment to improve Console system performance by moving the polling task to an Event Collector.

Coalescing Events

Increases the event count when the same event occurs multiple times within a short time interval. Coalesced events provide a way to view and determine the frequency with which a single event type occurs on the Log Activity tab.

When this check box is clear, events are viewed individually and events are not bundled.

New and automatically discovered log sources inherit the value of this check box from the System Settings configuration on the Admin tab. You can use this check box to override the default behavior of the system settings for an individual log source.

  1. Click the Admin tab.
  2. Click the Log Sources icon.
  3. Click Add.
  4. Configure the common parameters for your log source.
  5. Configure the protocol-specific parameters for your log source.
  6. Click Save.
  7. On the Admin tab, click Deploy Changes.

Related Documentation