Adding or Modifying a Device Group

To add or modify a group, use the Add Device Group tab to arrange your log sources into bundles and categories.

You can create a group using log sources of the same type or of different types (for example, Cisco PIX/ASA and Juniper Firewall). The options on both tabs are the same.

    Procedure
  1. From Management > Devices > Device Groups, click Add New. The Add Device Group tab appears.
  2. Type a unique Group Name to identify the log sources you are grouping.
  3. Select the appropriate Enable radio button to indicate whether the Group device is activated for your appliances. The default is Yes.
  4. Select whether this group is a Local or Global group. Once you set the Group type, you cannot change it.
    Option Description
    Local The group contains log sources on the current appliance only.
    Global The group contains log sources on multiple appliances. (Global groups can be created and accessed on Management Station only.)
    Note: Global groups:
    • cannot contain another global group as a member.
    • are marked with an asterisk (*) in the Groups tab.
    • are not supported with IPv6 addresses.
  5. Select Static (default) or Dynamic if you want the new device group to be updated automatically as new devices are added to the appliance.
  6. In the Description field, type an optional description for the Group device.
  7. Use the Device Filter fields to search for log sources connected to your appliance that you want to group together. To perform multi searches, search on more than one field.
    Note: If a match is found for your search, the results display in the Available Device section.
  8. Under Available Devices, find the devices available that are available to add to the group. You can use one or any combination of the following fields:
    1. In the Name Pattern field, type a name of a log source to search for and add to your group. You can use regex wildcards for this search.
    2. In the IP Pattern field, type an IP address of a log source to search for and add to your group. You can use wildcards for this search. Regex wildcards are not supported.
    3. In the Collector Domain field, type a collector domain to search for and to add to your group.
    4. From the Device Type list, select a log source to add to your group. A group can contain log sources of one type or multiple types.
    5. In the Desc Pattern field, type a description of a log source to search for and add to your group. You can use regex wildcards for this search. The descriptions that you define in the Add Syslog Device or Add File > Transfer Device screens are the fields that are searched using the Desc Pattern search.
    6. (Management Station and Global Group Types only) From the Appliance list, select an appliance on which to search for log sources.
  9. Click Filter to search for log sources on your appliance with the specified search criteria.

    The Available Device table lists all devices matching the criteria. The Available Device list contains the following information:

    Appliance—IP address of the appliance which contains the log source (Management Station only).
    Name—Log source name.
    IP Address—IP address for the log source.
    Type—Log source type.
    Enabled—Indicates whether the log source is enabled or not.
    Description—Lists the log source description.
    Note:
    • All devices that appear in the Available Devices list when the Filter button is clicked are added automatically to the Dynamic Group. It is actually not necessary to click the Filter button for this to occur. New devices auto-discovered or manually added to the system are added automatically to the Dynamic Group if the device matches the pattern.
    • Dynamic Groups cannot contain Static Groups as members. However, Static Groups can contain Dynamic Groups as members.
  10. (For Static Groups Only) In the Available Device list, select the check box next to the log source name and click Add to add the log source to the Current Devices in Group list.
  11. The Current Devices in Group table lists the log sources you added from the Available Device table. You must add at least one log source to this list before you can save your group.
  12. (Optional) From the Current Devices in Group list, check the log source name and click Remove to move the selected log source to the Available Device list.
  13. Click Save to add the group of log sources to the Groups tab.
    Note:
    • A user must have “all device access” to create or update a Dynamic Group.
    • A user can be given explicit permission on the Dynamic Group, but if they do not have “all device access”, they can see and use the Group, but cannot edit it.