
Rule and filter structure

Hi there,

New to Kiwi Syslog and need help setting up rules and grouping devices. Interested to know what the best practices are and what others are doing.

What I'm doing so far, for example, is setting up one rule for switches, one for vSphere, one for BladeCenters, etc. This way, I can output similar devices to one display console, have different file rotation rules for grouped devices, and organize the log file structure into meaningful subfolders. Is this the best way to go about it?

This seems to work until I get a new device that I'm not aware of pointed to the syslog server. I assume without a rule that passes, the log from a host is dropped. I think I need a rule at the end with a filter that says if you don't meet the criteria of all the other rules and filters, then use this one. How do I do this? Hopefully this makes sense.

Thanks!

