Log Sources syslog-sampleCommented.ls.xml

<!-- This is the SYSLOG Log Source configuration file.

The logs to be forwarded come from SYSLOG messages.

IMPORTANT: The file name must be composed of:

- an ID, for example, syslog-sample

- the extension .ls.xml, for example, syslog-sample.ls.xml

-->

<!-- The type attribute identifies the type of Log Source; in this file it is syslog. -->

<logsource type="syslog" schemaVersion="2.0">

<general>

<!-- Set whether this Log Source is active (true, the default) or inactive (false). -->

<active>true</active>

<!-- Enter the label of this SYSLOG configuration. -->

<name>ls-syslog-template</name>

<!-- Enter a free-text description of this SYSLOG configuration file. -->

<description>Comment of the ls-syslog-template</description>

<!-- Revision information: who created and last modified this SYSLOG configuration, and when.
NOTE(review): these values are plain text in the file; if change tracking matters, rely on version control or file-integrity monitoring rather than on these fields. -->

<revision>

<!-- Enter the name of the author of the SYSLOG file. -->

<author>admin</author>

<!-- Enter the name of the user who last modified the SYSLOG file. -->

<lastModifiedBy>admin</lastModifiedBy>

<!-- Enter the date and time the SYSLOG file was created. The sample value is a date-time with an explicit UTC offset. -->

<creationDate>2017-01-20T01:00:00-01:00</creationDate>

<!-- Enter the date and time the SYSLOG file was last modified, in the same format. -->

<lastModifiedDate>2017-01-25T03:40:10-01:00</lastModifiedDate>

</revision>

</general>

<!-- Log forwarding settings. -->

<forwarding>

<!-- The LMI connection used to send logs from the UC to the LMI server.
NOTE(review): no transport settings appear in this file; presumably encryption and authentication of the UC-to-LMI link are configured in the referenced connection file - confirm. -->

<uldp>

<!-- Enter the LMI connection ID without its file extension, e.g. uldp-sample. -->

<connectionIds>

<connectionId>uldp-sample</connectionId>

</connectionIds>

<!-- Set whether the log message sent to the LMI server stays in the local time zone (false, the default) or is converted to the UTC time zone (true).
NOTE(review): when collectors sit in different time zones, local-time stamps complicate event correlation; consider true unless downstream parsing depends on local time - confirm. -->

<timeInUtc>false</timeInUtc>

</uldp>

</forwarding>

<!-- Log collection settings. -->

<collection>

<!-- If the host has multiple network interfaces, enter the IP address on which to listen for logs. Otherwise, the listener accepts logs on all IP addresses (0.0.0.0, as set here).
NOTE(review): on a multi-homed host, binding to the dedicated collection interface keeps the listener off networks that should not send logs. -->

<ip>0.0.0.0</ip>

<!-- Enter the port on which to listen for logs. 514 is the conventional syslog port; it is below 1024, so on Unix-like systems binding it normally requires elevated privileges. -->

<port>514</port>

<!-- Set whether the Log Source uses the udp (default) or tcp SYSLOG protocol. Attention: 'udp' or 'tcp' must be in lower case.
NOTE(review): neither option shown here encrypts or authenticates messages; UDP delivery is also not guaranteed and its source address is not verified, so restrict which hosts can reach this port with network controls. -->

<protocol>udp</protocol>

</collection>

<!-- Log filtering settings. -->

<filter>

<!-- Enter the minimum accepted severity (see RFC 3164). RFC 3164 severities run from 0 (Emergency) to 7 (Debug); 6 is Informational.
NOTE(review): presumably a value of 6 accepts severities 0 through 6 and drops only Debug - confirm against the product documentation. -->

<severity>6</severity>

<!-- Enter the accepted facilities (see RFC 3164).

To specify which facilities are accepted:

- use a '-' to indicate a range, e.g. 0-22

- use a ';' to list exact facilities, e.g. 1;8;23

- combine '-' and ';' to list exact facilities together with a range, e.g. 1;8-23

Note: 0-23 is the default value. -->

<facilities>0-23</facilities>

<!-- Enter the regular expression used to filter the accepted source hosts. With .* (the default value), logs from all IP addresses are collected.
NOTE(review): in a regular expression an unescaped '.' matches any character, so escape the dots of a literal address (e.g. 192\.0\.2\.10, a constructed example) and check whether the match is anchored.
Treat this as a noise filter, not as authentication: with udp the sender's address is not verified. -->

<sourceIp>.*</sourceIp>

</filter>

<!-- Enter tags used to filter, sort and search for log sources. Tags are case sensitive. -->

<tags>

<!-- You can enter as many tags as you need. The allowed characters are ._A-Za-z0-9 and blank space. -->

<tag>sample</tag>

<tag>commented</tag>

</tags>

</logsource>