Adding or Modifying a Device Group
To add or modify a group, use the Add Device Group tab to arrange your log sources into bundles and categories.
You can create a group using log sources of the same type or of different types (for example, Cisco PIX/ASA and Juniper Firewall). The options on both tabs are the same.
Procedure
- From Management > Devices > Device Groups, click Add New. The Add Device Group tab appears.
- Type a unique Group Name to identify the log sources you are grouping.
- Select the appropriate Enable radio button to indicate whether the Group device is activated for your appliances. The default is Yes.
-
Select whether this group is a Local or Global group. Once you set the Group type, you cannot change it.
Option Description Local The group contains log sources on the current appliance only. Global The group contains log sources on multiple appliances. (Global groups can be created and accessed on Management Station only.) - Select Static (default) or Dynamic if you want the new device group to be updated automatically as new devices are added to the appliance.
- In the Description field, type an optional description for the Group device.
- Use the Device Filter fields to search for log sources connected to your appliance that you want to group together. To perform multi searches, search on more than one field.
-
Under
Available Devices, find the devices available that are available to add to the group. You can use one or any combination of the following fields:
- In the Name Pattern field, type a name of a log source to search for and add to your group. You can use regex wildcards for this search.
- In the IP Pattern field, type an IP address of a log source to search for and add to your group. You can use wildcards for this search. Regex wildcards are not supported.
- From the Device Type drop-down menu, select a log source to add to your group. A group can contain log sources of one type or multiple types.
- In the Desc Pattern field, type a description of a log source to search for and add to your group. You can use regex wildcards for this search. The descriptions that you define in the Add Syslog Device or Add File > Transfer Device screens are the fields that are searched using the Desc Pattern search.
- (Management Station and Global Group Types only) From the Appliance drop-down menu, select an appliance on which to search for log sources.
-
Click
Filter to search for log sources on your appliance with the specified search criteria.
The Available Device table lists all devices matching the criteria. The Available Device list contains the following information:
- Appliance—IP address of the appliance which contains the log source (Management Station only).
- Name—Log source name.
- IP Address—IP address for the log source.
- Type—Log source type.
- Enabled—Indicates whether the log source is enabled or not.
- Description—Lists the log source description.
Note:
- All devices that appear in the Available Devices list when the Filter button is clicked will be added automatically to the Dynamic Group. It is actually not necessary to click the Filter button for this to occur. New devices auto-discovered or manually added to the system will be added automatically to the Dynamic Group if the device matches the pattern.
- Dynamic Groups cannot contain Static Groups as members. However, Static Groups can contain Dynamic Groups as members.
- (For Static Groups Only) In the Available Device list, select the check box next to the log source name and click Add to add the log source to the Current Devices in Group list.
- The Current Devices in Group table lists the log sources you added from the Available Device table. You must add at least one log source to this list before you can save your group.
- (Optional) From the Current Devices in Group list, check the log source name and click Remove to move the selected log source to the Available Device list.
- Click Save to add the group of log sources to the Groups tab.
Copyright © Cloud Software Group, Inc. All rights reserved.