Device Management

Use the Management > Devices tab to configure devices (log sources) associated with the appliance.

You can manage log sources to specify:

• Log sources allowed to send log messages to the appliance
• Log sources from which appliances retrieve logs through file transfer
• Log sources from which appliances receive SNMP traps
• Log source groupings that enhance and simplify reporting, routing, searching, alerting, and so on.

Use the Devices tab to view log sources that have been added to the appliance.

If the appliance does not determine the log source type, it is assigned as a General Syslog log source type. It is good practice to manually change the log source type by selecting a log source from the Devices tab, which opens the Modify Device tab. Manually changing the device type does not guarantee making the logs for that source parseable. Moreover, by changing the device type of a known source, the deep parsing for reporting purposes might fail, because the rules do not match.

• To add a new log source to the appliance, click the Add New button.
• To modify an existing log source, click the log source’s Device Name.
• To modify multiple log sources together, you can:
  • Update the device type for multiple log sources, by clicking their check boxes, selecting from the Device Type drop-down menu, and clicking Update Type. See Updating a Device's Type.
  • Enable or disable device name resolution for multiple log sources, by clicking their check boxes, selecting from the DNS Resolving drop-down menu, and clicking Update Name Resolution. See Updating Device Name Resolution.
    Note: This overrides the System Settings > DNS Resolve All Device Names setting. This update occurs asynchronously and is the only way to immediately update a log source name, through a reverse DNS refresh, without waiting for the daily update.
• To remove a log source from the appliance, check the log source’s check box and then click Remove button.