Device Group Management

Use the Management > Devices > Device Groups tab to group log sources into a single virtual log source.

A log source must be part of the Available Devices list before it can be included in a group.

Device Groups are updated dynamically. For example, if you create a device group for all routers, and later add a new router to the appliance, the new router is automatically added to your router device group. Click the List link from the Devices column to view the group membership information.

• To add a new device group, click the Add New button. The Add Device Group tab appears.
• To modify an existing device group, click the device group’s Name (on Devices tab). The Modify Device Group tab appears. Enter your changes and click the Update Device button.
• To remove a group from the appliance, select the group’s check box and then click the Remove button.
• Click the List link from the Groups column to view the group membership information.
  Note: Non-hyperlinked names are system-generated groups for all log sources of a specific type. For example, “All Cisco PIX/ASA.” You cannot modify or delete these groups.

If you are running a Management Station, you can multi-select and group log sources across appliances. These global groups are accessible only from the Management Station on which the global group is created. To view global groups in a search or report screen, you must select All Appliances for Appliance.

When a Management Station is reverted back to being a regular appliance, its global groups are still visible but can only be deleted. When the appliance becomes a Management Station again the global groups can be used and modified as before.