General Settings

Use the Administration > System Settings > General tab to configure system-wide settings.

The system settings automatically take effect after you click Update.

Note: Changes to certain settings may prompt a reboot of the appliance.

The General Settings Options table lists the general settings (upper section) of the General tab, and the following sections explain the lower General tab areas:

  • Syslog Port
  • Secure ULDP Settings
  • Maximum Number of Widgets in My Dashboard
  • Multi Line Log Delimiter
  • Data Privacy Options
  • Index Search Options
  • Global Retention Settings: Raw and Indexed Data
  • Scheduled Report Settings
  • SNMP Trap Sink
  • System Performance Settings
  • Custom Logo Upload
  • Usage Count
  • Build Details
    Note: Not all options are available for ST appliances. ST-only options are noted as such.
    General Settings Options
    Option Description
    Originating Email The email address that the appliance uses for the return address email notifications in alerts and scheduled reports.
    Note: If this field or any of the SMTP settings field are changed, you must re-synchronize triggers.
    SNMP Community String Type a private or customized community string for your appliance. The default is 20 characters.
    Note: It is good practice to change the default SNMP Community String, because multiple instances of LogLogic EVA might have the same SNMP Community String value.
    Enable Advanced Features The default is No (Not enabled).

    Select Yes to enable the following advanced features:

    • Advanced Search
    • Bloks: Filter, Correlation, and Time Bloks
    • Advanced Dashboards
    • Data Models
    • Enrichment Lists
    • Queries
      • Search Queries
      • Scheduled Queries
    • TAIL Queries
    • Rule Management: Triggers and Aggregation Rules
    • Monthly index
    • REST API support for Advanced Search
    • Exporting and Importing Configurations
    Note:
    • After enabling the advanced features, all sessions to the WebUI are disconnected for the period when the Tomcat engine restarts, after which users can login again.
    • LX825, LX1025, ST1025, and MX3025 appliance models
    • Use caution when enabling advanced features on LX4025, ST4025, MX4025, ST2025-SAN, or LX1025R1 models, because the memory requirements of these features when in use might cause performance issues. Also, continuous use of Advanced Features on these models can cause the appliance to run out of memory and lead to engine restarts or failure.

    For information about enabling advanced features using the CLI, see the system logu command.

    Enable Monthly Index Enables or disables the monthly index feature. The default is No.

    This feature can be enabled only if the Advanced Features option is enabled. For more information, see Enable Advanced Features.

    For information about enabling monthly index using the Command Line Interface (CLI), see the system monthly_index command.

    Enable SNMP Daemon By default, the SNMP Daemon is disabled to maintain system security. This option must be enabled if the appliance uses an SNMP Trap Sink. Select Yes to enable this option when you reboot the appliance.
    Enable SSH Daemon at Startup The SSH Daemon provides access to the appliance's Command Line Interface (CLI) from SSH clients.

    By default the SSH Daemon is turned on in the appliance. Select No to disable the SSH Daemon when you reboot the appliance. For details about the Command Line Interface (CLI), see Command Line Interface (CLI).

    Auto-identify Log Sources Automatically detects any syslog log sources connected to the appliance. This includes:
    • Multiple log sources sharing the same IP address.

      LogLogic LMI considers multiple sources using the same IP address as a single host, because LogLogic LMI uses the IP address to uniquely identify them.

    • Log sources whose log data is converted to syslog during collection
    To view all identified log sources, use Management > Devices. If you do not enable this option, you must manually add the following log sources.
    Note: If the Auto-identify Log Sources option detects a log source but does not recognize the exact type, the appliance adds it to the Management > Devices list as a general syslog log source.

    To manually change a general Syslog log source type:

    1. In the Management > Devices tab, click the log source name.
    2. From the Device Type drop-down menu, select the specific device type.
    3. Click Update.

    The Type column displays the device type you associated with the auto-identified log source.

    If you enable Auto-identify Log Sources and you have several thousand devices configured that need to be auto-identified, routing rules and alerts can slow the auto-identify process down.

    Enable Full Text Indexing Allows indexing of data. You can set this for your appliances independently. If enabled, all data is indexed.
    Note: Indexing uses additional storage.

    To retain the index data, configure rules from Administration > Data Retention Rules.

    To use message signatures and tags, you must enable indexing from Search > Index Search.

    DNS Resolve All Device Names Updates the DNS Resolve Flag for multiple devices.
    Note: If you select No, the Management > Devices > Apply this update to all devices, not just to those on this page check box overrides your General settings No option.
    Enable Parsing Enable or disables parsing in LogLogic LMI, so that no content is added to the Real Time database-driven reports.

    The default value is Yes.

    This feature is only available on LogLogic EVA and LX, MX models, and in effect makes them similar to an ST model.

    Allow Disabling of admin Super User Allows an admin user to disable the admin super user account. For more information, see Managing Users.
    Enable UI Verbose Logging Enables or disables logging detailed error messages on the GUI. The default value is Yes.

    If you select No, detailed logging is disabled, and a generic message is displayed instead of error or exception details. You can view the detailed information in syslog files by accessing the machine through SSH.

    Enable Manage Device Enables or disables the ability for users to configure or add devices under Home > Management Devices .
    Concurrent Login Sessions Indicates the maximum number of concurrent login sessions allowed for each LogLogic LMI user. After the permitted number of concurrent connections is reached, a message is displayed to the user on the next attempted login. The message indicates that the limit has been reached and requests the user to close one of the active sessions.

    The default number of concurrent login sessions allowed per user is 100.

    Note:
    • This value is applicable to all users in the system. For example, setting the value to 10 implies each user in the system can have at the most 10 concurrent sessions.
    • A full application restart is required for the changes to take effect. Follow the system prompts.
    • The limit on concurrent sessions is not applicable to the REST API used for Advanced Features.
    • After reaching the maximum number of concurrent login sessions, or when users abruptly end their login session, you can remove a user session from the Management > User Sessions tab.
    Enable Accept Detail Allows drill down for the Real Time and Summary detail reports.
    Note:
    • This option is not available on ST appliances.
    • You must enable this option to view Reports > Network Activity > Accepted Connections > Network Activity > Application Distribution, and detail reports. This might require additional time and storage in downloading these reports.