Adding or Modifying Log Sources

You can add or modify log sources from the Management > Devices > Devices tab.

  • To add a new syslog log source, click .
  • To modify an existing syslog log source, click an existing syslog log source name from the list.

The options on both tabs are the same.

Perform the following steps to add a Log Source Profile.

Procedure

  1. Type the name of the log source. The length of the log source name should not exceed 63 characters.
  2. Type a description of the log source.
  3. From the Device Type drop-down menu, select the type of log source you are adding. This cannot be changed once the device profile is added.
    Note: The File Transfer Rule tab displays only if you select a device type that supports file transfer rules. Otherwise, the tab does not display.
  4. In the Host IP field, enter the IP address of the log source.
  5. In the Collector Domain field, enter an identification name that will be used to identify each message sent from this device. This field can be empty. If defined, it must be a unique name with a maximum of 256 characters. Do not include special characters, for example, \| / " ? * : %. This field is also case sensitive.
  6. Under Enable Data Collection, select the Yes radio button to accept logs from this log source.
  7. Select Refresh Device Name through the DNS Lookups to have the Name field updated automatically, at the configured refresh interval, with the name obtained through a reverse DNS lookup. Configure the refresh interval in the Refresh Auto-Identified Device Interval field on the Administration > System Settings > General tab. The DNS name overrides any manual name you assign in the Name field.
  8. To specify settings that are specific to a certain type of log source:
    • (For Oracle Database only) In the Polling Interval field, enter the number of minutes between polls to retrieve log data from the Oracle database. The polling interval applies to all Oracle database instances configured for the log source. For example, to poll the Oracle database once every hour, enter 60.
    • (For Blue Coat Proxy SG only) Select the Use SSL check box to use SSL to communicate from the appliance to the Blue Coat machine for file transfer.
    • (For Blue Coat Proxy SG only) Select the Use User Authentication check box to authenticate the user name and password for file transfer from the Blue Coat machine to the appliance. The user name and password should match one of the users listed in the User tab.
    • (For Blue Coat Proxy SG only) In the SSL Certificate field, copy this automatically-generated certificate to the Blue Coat machine. You cannot use SSL without copying the SSL Certificate to your Blue Coat machine. For example, you must copy this certificate on to your Blue Coat machine to enable encryption while transferring files.
  9. (For Microsoft SQL Server only) Under the MS SQL Server Collector Configuration section, type in the following information:
    • Use DBCC TRACEON (optional) — Select this check box to use SQL query “DBCC TRACEON (1903)” before collection of log data.
    • Use XP Cmd Shell (optional) - Select this check box to use xp_cmdshell.
    • Authentication—Select SQL Authentication or Windows Authentication.
    • Domain Name —If you have selected Windows Authentication provide the corresponding domain name of the user.
    • Database Name—Microsoft SQL Server database instance name
    • Server Port—Port number for Microsoft SQL Server
    • UserID—User name for the Microsoft SQL Server sysadmin user or Windows Authentication domain user based on the selection of the Authentication type.
    • Password/Confirm Password—Password for the corresponding user authentication type.
    • Rows per Collection—Max number of rows per collection polling interval.
    • No. of Collections—Max number of polling intervals per collection run.
    • Trace Files Path—Audit log file name for Microsoft SQL Server. The pathname must be the absolute path to the trace (.trc) file. The LogLogic appliances need to be able to read new trace files that are created after server restart.
    • Start Collection From Date—Date and time that the LogLogic appliance will begin to collect log data.
    Note: You can collect data from trace files at multiple locations. To specify a different location, use the “Add Row” button and enter the trace file path and start time.
  10. Click Add or Update to save your changes.
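
When many log sources are onboarded at once, the field limits in steps 1, 4 and 5 can be checked before anything is typed into the form. The following Python is an added example, not part of the product or its documentation. The dictionary keys are hypothetical, the disallowed character set is only the page's example list, and "unique" is read as no exact repeats within the batch.

```python
import ipaddress

NAME_MAX = 63      # step 1: log source name limit
DOMAIN_MAX = 256   # step 5: Collector Domain limit
# Step 5 gives these only as examples (minimum set); "\|" is read as backslash and pipe (assumption).
DOMAIN_FORBIDDEN = set('\\|/"?*:%')


def validate_sources(sources):
    """Return {index: [problems]}; entry keys name/host_ip/collector_domain are hypothetical."""
    problems, seen = {}, {}
    for i, src in enumerate(sources):
        errs = []
        name = src.get("name", "")
        if len(name) > NAME_MAX:
            errs.append(f"name is {len(name)} chars, limit {NAME_MAX}")
        try:
            ipaddress.ip_address(src.get("host_ip", ""))
        except ValueError:
            errs.append(f"host_ip {src.get('host_ip')!r} is not an IP address")
        domain = src.get("collector_domain", "")
        if domain:  # the field may be left empty
            if len(domain) > DOMAIN_MAX:
                errs.append(f"collector_domain is {len(domain)} chars, limit {DOMAIN_MAX}")
            bad = sorted(set(domain) & DOMAIN_FORBIDDEN)
            if bad:
                errs.append("collector_domain contains " + " ".join(bad))
            # Case sensitive: "DMZ" and "dmz" differ; only exact repeats clash.
            if domain in seen:
                errs.append(f"collector_domain duplicates entry {seen[domain]}")
            else:
                seen[domain] = i
        if errs:
            problems[i] = errs
    return problems


# Constructed sample batch (documentation-range addresses).
SAMPLE = [
    {"name": "fw-edge-01", "host_ip": "192.0.2.10", "collector_domain": "DMZ"},
    {"name": "fw-edge-02", "host_ip": "192.0.2.11", "collector_domain": "dmz"},
    {"name": "x" * 64, "host_ip": "192.0.2.12", "collector_domain": "DMZ"},
    {"name": "proxy-01", "host_ip": "proxy.example", "collector_domain": "site:a"},
    {"name": "db-01", "host_ip": "192.0.2.14"},
]

if __name__ == "__main__":
    for idx, errs in validate_sources(SAMPLE).items():
        print(idx, errs)
```

Entries 0 and 1 pass together because the Collector Domain comparison is case sensitive, while entry 2 is flagged as an exact repeat of entry 0.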