Adding a Replay Rule

Replay rules let you define specific data to include in a Replay session.

Each Replay rule identifies data from the specific device and time frame, so you can specify to push data associated only with certain devices or from all devices.

For example, you can create a rule that pushes data for your Blue Coat Proxy SG log sources from 03/11/09 at 00:00:00 to 03/12/09 at 23:59:59. You can also define a rule to push data for a specific Cisco PIX/ASA log source by specifying the device type as Cisco PIX/ASA and the Source Devices as the specific log sources.

Procedure

  1. On the destination LogLogic ST Appliance, navigate to Administration > Replay.
  2. Click the Replay Rules tab.
    The Replay Rules tab appears listing all existing Replay rules in the appliance.
  3. Click the Add Rule button.
    The Add Replay Rule tab appears.
  4. Enter the following information:
    Option Description
    Rule Name Name of the rule
    Device Type Select the device or application generating the logs to be transferred
    Source Device IP address of the device from which you want to transfer files
    Search Filter Select the Pre-Defined search filter to use to filter the archived log data
    Time Interval Time interval for the archived data you want to process
  5. Click Save to save the Replay rule.

What to do next

After you add your Replay rule you can schedule a Replay session that uses your Replay rules.
Next topic: Modifying a Replay Rule
Previous topic: Setting Up a Management Station Relationship