Configuring the LogLogic LX Appliance to Analyze Data
It is good practice to set up the LogLogic LX Appliance that replays archived data as you would a production appliance.
Specifically, to obtain the maximum benefit of replaying archived log data, ensure that you have all of the appropriate components and system settings configured in your Replay Appliance.
Consider configuring at least the following:
Alerts | Configure alerts to send SNMP events or email notification of specific occurrences found in the data in the replay session. |
Reports | Configure reports to analyze the data in the replay session. |
Search Filters | Configure search filters to run reports and searches on specific log data. |
Devices | Ensure that you have all applicable devices configured. |
Full Text Indexing | Consider turning on full-text indexing on all data (parsed and unparsed; unparsed data is log data that is not associated with a supported log source). |
PIX/ASA Messages | Enable if the archived data contains PIX/ASA messages (if you enable PIX/ASA Messages and you do not have PIX/ASA messages in the replay session, it does not impact the appliance). |
Message Routing | Enable only if you need to forward log data to another device. |
Data Retention | Configure how long to retain the data from the replay session on the destination LogLogic LX Appliance (retention time is counted from the time the log data was generated by the original log source). |
To speed up the setup process, use the Import/Export tool. For example, you can import components such as search filters and reports from any LogLogic LX Appliance. You must manually set system settings such as global retention settings and full-text indexing. For more information on importing and exporting components from one appliance to another, see Import or Export Entities Between Appliances.
Copyright © 2020. Cloud Software Group, Inc. All Rights Reserved.