Logger Configuration Types
Logger configurations set values for settings on hardware and software Loggers. The available Logger configuration types are listed here.
Logger Configuration Backup Configuration
A Logger configuration backup configuration sets values for scheduled configuration backups of hardware and software Logger to a remote system. The following limitation applies:
-
This Configuration is not supported if the Backup Server platform is CentOS 7.4.
Note: You can neither create nor import settings related to a one-time configuration backup.
Parameter |
Data Type |
Description |
---|---|---|
SCP Port* |
String |
Port of the remote system. Default value is 22. |
Backup Server IP Address* |
String |
IP address of the remote system where the backup will be saved. |
Username* |
String |
User name on destination. |
Password* |
String |
Password on destination. (Obfuscated.) |
Base Remote Directory* |
String |
Destination directory on the remote system. After a push, the destination host name is appended to this, to give it a unique value across all nodes. When using a Logger appliance, some settings need to be configured in the |
Days of the Week* |
List of comma-separated strings |
Comma-delimited list of days of the week on which the backup will be performed. Valid values are Su, M, T, W, Th, F, Sa. |
Hours of Day* |
List of comma-separated integers |
Comma-delimited list of hours of the day at which the backup will be performed. Valid values are integers from 0 to 23, where 0 is 12:00. For example, a value of 14 would correspond to 2 PM. |
Backup Content* |
String |
Type of content to be included in the backup. Valid values are:
|
Logger Connector Forwarder Configuration
A Logger Connector Forwarder configuration sets values for one or more connector forwarders on a Logger (version 6.1 or later). Each forwarder in the configuration is represented by a different Property.
Note: Logger Connector Forwarder configurations can only be imported from managed Loggers, not created in ArcMC. See Importing a Subscriber Configuration for more information.
Parameter |
Data Type |
Description |
---|---|---|
Forwarder Name* | String | Display name of the forwarder |
Filter Type* | Enum |
Filter type that was selected while creating a forwarder on logger. Valid types are Unified or Regex. |
Query | String | Used to filter events that the forwarder will forward. |
Unified Query Filters | String | Select from the default and user-defined Unified filters on the source Logger. Only visible if Filter Type is Unified. |
Regular Expression Filters | String | Select from the default and user-defined Regex filters on the source Logger. Only visible if Filter Type is Regex. |
Start Time | DateTime | Optional start of time range for selection. |
End Time | DateTime | Optional end of time range for selection. |
IP/Host* | String | IP address or host name of the destination that will receive forwarded events. |
Port* | Integer | Port number on the destination that will receive forwarded events. Ensure this port is open on the destination. |
Enable* | Boolean | If Yes, the forwarder is enabled. |
Connection Retry Timeout* | Integer | Time, in seconds, to wait before retrying a connection. |
Source Type* | Integer |
Source Type. Valid values:
|
Logger ESM Forwarder Configuration
A Logger ESM Forwarder configuration sets values for one or more ESM destinations on a Logger (version 6.1 or later). Each destination in the configuration is represented by a different Property.
Note: Logger ESM Forwarder configurations can only be imported from managed Loggers, not created in ArcMC. See Importing a Subscriber Configuration for more information.
Parameter |
Data Type |
Description |
---|---|---|
Parameter |
Data Type |
Description |
Forwarder Name* | String | Display name of the forwarder |
Filter Type* | Enum |
Filter type that was selected while creating a forwarder on logger. Valid types are Unified or Regex. |
Query | String | Used to filter events that the forwarder will forward. |
Unified Query Filters | String | Select from the default and user-defined Unified filters on the source Logger. Only visible if Filter Type is Unified. |
Regular Expression Filters | String | Select from the default and user-defined Regex filters on the source Logger. Only visible if Filter Type is Regex. |
Start Time | DateTime | Start of time range for selection. |
End Time | DateTime | End of time range for selection. |
IP/Host* | String | IP address or host name of the destination that will receiveforwarded events. |
Port* | Integer | Port number on the destination that will receive forwarded events. Ensure this port is open on the destination. |
Enable | Boolean | If Yes, the forwarder is enabled. |
Logger Filter Configuration
A Logger Filter configuration sets values for one or more saved searches on a Logger.
Each filter in the configuration is represented by a different Property.
Note: Logger Filter configurations can only be imported from managed Loggers, not created in ArcMC. See Importing a Subscriber Configuration for more information.
Parameter |
Data Type |
Description |
---|---|---|
Filter Name* |
String (Read-only) |
Name of the filter. |
Filter Category | String | Category of filter. Valid values are Shared, System and SearchGroup. |
Filter Type* |
String |
Type of filter. Valid values are RegexQuery or UnifiedQuery. |
Query* |
String |
Query string. |
Permission Group | String |
Permission group which with the Logger filter is associated. When the configuration is pushed:
|
Logger SmartMessage Receiver Configuration
A Logger SmartMessage Receiver sets values for one or more for SmartMessage Receivers.
A SmartMessage Receiver configuration pushed to a target overwrites any existing SmartMessage receivers on the target; other types of receivers such as UDP and TCP are not affected.
Parameter |
Data Type |
Description |
---|---|---|
Receiver Name* |
String |
Name of the receiver. |
Enabled* |
Boolean |
If Yes, SmartMessage reception is enabled. |
Encoding* |
String |
Encoding type. Valid values are:
|
Logger Storage Group Configuration
A Logger Storage Group configuration sets values for one or more Logger storage groups.
Note: Logger Storage Group configurations can only be imported from managed Loggers, not created in ArcMC. See Importing a Subscriber Configuration for more information.
Parameter |
Data Type |
Description |
---|---|---|
Storage Group Name* |
String (Read-only) |
Name of the storage group.
|
Maximum Age (Days)* |
Integer |
Maximum age of events in storage, in days. |
Maximum Size (GB)* |
Integer |
Maximum size of the storage group, in gigabytes.
|
Logger TCP Forwarder Configuration
A Logger Connector Forwarder configuration sets values for one or more TCP forwarders on a Logger (version 6.1 or later). Each forwarder in the configuration is represented by a different Property.
Note: Logger TCP Forwarder configurations can only be imported from managed Loggers, not created in ArcMC. See Importing a Subscriber Configuration for more information.
Parameter |
Data Type |
Description |
---|---|---|
Forwarder Name* | String | Display name of the forwarder |
Filter Type* | Enum |
Filter type that was selected while creating a forwarder on logger. Valid types are Unified or Regex. |
Query | String | Used to filter events that the forwarder will forward. |
Unified Query Filters | String | Select from the default and user-defined Unified filters on the source Logger. Only visible if Filter Type is Unified. |
Regular Expression Filters | String | Select from the default and user-defined Regex filters on the source Logger. Only visible if Filter Type is Regex. |
Start Time | DateTime | Optional start of time range for selection. |
End Time | DateTime | Optional end of time range for selection. |
IP/Host* | String | IP address or host name of the destination that will receive forwarded events. |
Port* | Integer | Port number on the destination that will receive forwarded events. Ensure this port is open on the destination. |
Enable* | Boolean | If Yes, the forwarder is enabled. |
Preserve System Timestamp* | Boolean | If Yes, the timestamp showing original event receipt time is preserved. |
Preserve Original Syslog Sender* | Boolean | If Yes, event is sent as is, without inserting Logger's IP address in the hostname (or equivalent) field of the syslog event. |
Connection Retry Timeout* | Integer | The time, in seconds, to wait before retrying a connection. |
Logger Transport Receiver Configuration
A Logger Transport Receiver configuration sets values for one or more UDP, TCP, CEF UDP, or CEF TCP receivers.
Note: In Logger documentation, a Transport Receiver is referred to as simply a Receiver.
A pushed Transport Receiver type configuration will overwrite any existing UDP, TCP, CEF UDP, or CEF TCP receiver. Any other type of receivers, such as SmartMessage receivers, are not affected.
Parameter |
Data Type |
Description |
---|---|---|
Receiver Name* |
String |
Name of the receiver. |
Receiver Type* |
String |
Receiver type. Valid values are:
|
Receiver Name* |
String |
Name of the receiver. |
Port* |
Integer |
Port number. Must be a non-zero positive number. Ensure this port is open on the destination. |
Enabled* |
Boolean |
If Yes, transport reception is enabled. |
Encoding* |
String |
Encoding type. Valid values are:
For CEF UDP and CEF TCP receivers, only UTF-8 and US-ASCII apply. Caution: Selection of the wrong encoding for a CEF receiver will cause a push failure. |
Logger UDP Forwarder Configuration
A Logger Connector Forwarder configuration sets values for one or UDP forwarders on a Logger. Each forwarder in the configuration is represented by a different Property.
Note: Logger UDP Forwarder configurations can only be imported from managed Loggers, not created in ArcMC. See Importing a Subscriber Configuration for more information.
Parameter |
Data Type |
Description |
---|---|---|
Forwarder Name* | String | Display name of the forwarder |
Filter Type* | Enum |
Filter type that was selected while creating a forwarder on logger. Valid types are Unified or Regex. |
Query | String | Used to filter events that the forwarder will forward. |
Unified Query Filters | String | Select from the default and user-defined Unified filters on the source Logger. Only visible if Filter Type is Unified. |
Regular Expression Filters | String | Select from the default and user-defined Regex filters on the source Logger. Only visible if Filter Type is Regex. |
Start Time | DateTime | Optional start of time range for selection. |
End Time | DateTime | Optional end of time range for selection. |
IP/Host* | String | IP address or host name of the destination that will receive forwarded events. |
Port* | Integer | Port number on the destination that will receive forwarded events. Ensure this port is open on the destination. |
Enable* | Boolean | If Yes, the forwarder is enabled. |
Preserve System Timestamp* | Boolean | If Yes, the timestamp showing original event receipt time is preserved. |
Preserve Original Syslog Sender* | Boolean | If Yes, event is sent as is, without inserting Logger's IP address in the hostname (or equivalent) field of the syslog event. |
SecureData Configuration
A SecureData configuration sets values for the SecureData encryption client on a managed Logger.
Parameter |
Data Type |
Description |
---|---|---|
Server* | String | SecureData server IP address. |
Port* | String | SecureData server port. |
Auth Identity* | String | SecureData authentication identity |
Shared Secret* | String | SecureData shared secret |
Event Fields* | String | Comma-separated list of event fields to be encrypted. Default data for event fields will be populated from the connector bin file uploaded in the repository. If there is no such file, then the default field will be defined by ArcMC. |