Logger Configuration Types

Logger configurations set values for settings on hardware and software Loggers. The available Logger configuration types are listed here.

Logger Configuration Backup Configuration

A Logger configuration backup configuration sets values for scheduled configuration backups of hardware and software Logger to a remote system. The following limitation applies:

Note: You can neither create nor import settings related to a one-time configuration backup.

Logger Configuration Backup Configuration Parameters

Parameter

Data Type

Description

SCP Port*

String

Port of the remote system. Default value is 22.

Backup Server IP Address*

String

IP address of the remote system where the backup will be saved.

Username*

String

User name on destination.

Password*

String

Password on destination. (Obfuscated.)

Base Remote Directory*

String

Destination directory on the remote system. After a push, the destination host name is appended to this, to give it a unique value across all nodes.

When using a Logger appliance, some settings need to be configured in the /etc/hosts file. For more information, please refer to the Configuring Hosts for the Appliance chapter in the Logger Installation Guide.

Days of the Week*

List of comma-separated strings

Comma-delimited list of days of the week on which the backup will be performed. Valid values are Su, M, T, W, Th, F, Sa.

Hours of Day*

List of comma-separated integers

Comma-delimited list of hours of the day at which the backup will be performed. Valid values are integers from 0 to 23, where 0 is 12:00. For example, a value of 14 would correspond to 2 PM.

Backup Content*

String

Type of content to be included in the backup. Valid values are:

  • All: includes all backup data.

  • Report_Content_Only: includes only report data.

Logger Connector Forwarder Configuration

A Logger Connector Forwarder configuration sets values for one or more connector forwarders on a Logger (version 6.1 or later). Each forwarder in the configuration is represented by a different Property.

Note: Logger Connector Forwarder configurations can only be imported from managed Loggers, not created in ArcMC. See Importing a Subscriber Configuration for more information.

 

Logger Connector Forwarder Configuration Parameters

Parameter

Data Type

Description

Forwarder Name* String Display name of the forwarder
Filter Type* Enum

Filter type that was selected while creating a forwarder on logger. Valid types are Unified or Regex.

Query String Used to filter events that the forwarder will forward.
Unified Query Filters String Select from the default and user-defined Unified filters on the source Logger. Only visible if Filter Type is Unified.
Regular Expression Filters String Select from the default and user-defined Regex filters on the source Logger. Only visible if Filter Type is Regex.
Start Time DateTime Optional start of time range for selection.
End Time DateTime Optional end of time range for selection.
IP/Host* String IP address or host name of the destination that will receive forwarded events.
Port* Integer Port number on the destination that will receive forwarded events. Ensure this port is open on the destination.
Enable* Boolean If Yes, the forwarder is enabled.
Connection Retry Timeout* Integer Time, in seconds, to wait before retrying a connection.
Source Type* Integer

Source Type. Valid values:

  • Apache HTTP Server Access
  • Apache HTTP Server Error
  • IBM DB2 Audit
  • Juniper Steel-Belted Radius
  • Microsoft DHCP Log
  • Other

Logger ESM Forwarder Configuration

A Logger ESM Forwarder configuration sets values for one or more ESM destinations on a Logger (version 6.1 or later). Each destination in the configuration is represented by a different Property.

Note: Logger ESM Forwarder configurations can only be imported from managed Loggers, not created in ArcMC. See Importing a Subscriber Configuration for more information.

Logger ESM Forwarder Parameters

Parameter

Data Type

Description

Parameter

Data Type

Description

Forwarder Name* String Display name of the forwarder
Filter Type* Enum

Filter type that was selected while creating a forwarder on logger. Valid types are Unified or Regex.

Query String Used to filter events that the forwarder will forward.
Unified Query Filters String Select from the default and user-defined Unified filters on the source Logger. Only visible if Filter Type is Unified.
Regular Expression Filters String Select from the default and user-defined Regex filters on the source Logger. Only visible if Filter Type is Regex.
Start Time DateTime Start of time range for selection.
End Time DateTime End of time range for selection.
IP/Host* String IP address or host name of the destination that will receiveforwarded events.
Port* Integer Port number on the destination that will receive forwarded events. Ensure this port is open on the destination.
Enable Boolean If Yes, the forwarder is enabled.

Logger Filter Configuration

A Logger Filter configuration sets values for one or more saved searches on a Logger.

Each filter in the configuration is represented by a different Property.

Note: Logger Filter configurations can only be imported from managed Loggers, not created in ArcMC. See Importing a Subscriber Configuration for more information.

Logger Filter Configuration Parameters

Parameter

Data Type

Description

Filter Name*

String (Read-only)

Name of the filter.

Filter Category String Category of filter. Valid values are Shared, System and SearchGroup.

Filter Type*

String

Type of filter. Valid values are RegexQuery or UnifiedQuery.

Query*

String

Query string.

Permission Group String

Permission group which with the Logger filter is associated. When the configuration is pushed:

  • If the permission group is not present on the target Logger, the permission group will be created during the push.
  • If the permission group of the same name is already present on the target, but has different rights, the rights of the permission group on the target Logger will not be overwritten, and the association between the filter and the permission group will be removed.

Logger SmartMessage Receiver Configuration

A Logger SmartMessage Receiver sets values for one or more for SmartMessage Receivers.

A SmartMessage Receiver configuration pushed to a target overwrites any existing SmartMessage receivers on the target; other types of receivers such as UDP and TCP are not affected.

Logger SmartMessage Receiver Configuration Parameters

Parameter

Data Type

Description

Receiver Name*

String

Name of the receiver.

Enabled*

Boolean

If Yes, SmartMessage reception is enabled.

Encoding*

String

Encoding type. Valid values are:

  • UTF-8

  • US-ASCII

Logger Storage Group Configuration

A Logger Storage Group configuration sets values for one or more Logger storage groups.

Note: Logger Storage Group configurations can only be imported from managed Loggers, not created in ArcMC. See Importing a Subscriber Configuration for more information.

 

Logger Storage Group Configuration Parameters

Parameter

Data Type

Description

Storage Group Name*

String (Read-only)

Name of the storage group.

  • The pushed configuration must contain the same number of storage groups as configured on the Logger.

  • The names of the storage groups in the pushed configuration must match the names of storage groups on the Logger.

Maximum Age (Days)*

Integer

Maximum age of events in storage, in days.

Maximum Size (GB)*

Integer

Maximum size of the storage group, in gigabytes.

  • The cumulative size of all storage groups must not be greater than the storage volume size on the Logger.

Logger TCP Forwarder Configuration

A Logger Connector Forwarder configuration sets values for one or more TCP forwarders on a Logger (version 6.1 or later). Each forwarder in the configuration is represented by a different Property.

Note: Logger TCP Forwarder configurations can only be imported from managed Loggers, not created in ArcMC. See Importing a Subscriber Configuration for more information.

Logger TCP Forwarder Configuration Parameters

Parameter

Data Type

Description

Forwarder Name* String Display name of the forwarder
Filter Type* Enum

Filter type that was selected while creating a forwarder on logger. Valid types are Unified or Regex.

Query String Used to filter events that the forwarder will forward.
Unified Query Filters String Select from the default and user-defined Unified filters on the source Logger. Only visible if Filter Type is Unified.
Regular Expression Filters String Select from the default and user-defined Regex filters on the source Logger. Only visible if Filter Type is Regex.
Start Time DateTime Optional start of time range for selection.
End Time DateTime Optional end of time range for selection.
IP/Host* String IP address or host name of the destination that will receive forwarded events.
Port* Integer Port number on the destination that will receive forwarded events. Ensure this port is open on the destination.
Enable* Boolean If Yes, the forwarder is enabled.
Preserve System Timestamp* Boolean If Yes, the timestamp showing original event receipt time is preserved.
Preserve Original Syslog Sender* Boolean If Yes, event is sent as is, without inserting Logger's IP address in the hostname (or equivalent) field of the syslog event.
Connection Retry Timeout* Integer The time, in seconds, to wait before retrying a connection.

Logger Transport Receiver Configuration

A Logger Transport Receiver configuration sets values for one or more UDP, TCP, CEF UDP, or CEF TCP receivers.

Note: In Logger documentation, a Transport Receiver is referred to as simply a Receiver.

A pushed Transport Receiver type configuration will overwrite any existing UDP, TCP, CEF UDP, or CEF TCP receiver. Any other type of receivers, such as SmartMessage receivers, are not affected.

Logger Transport Receiver Configuration Parameters

Parameter

Data Type

Description

Receiver Name*

String

Name of the receiver.

Receiver Type*

String

Receiver type. Valid values are:

  • UDP

  • TCP

  • CEF UDP

  • CEF TCP

Receiver Name*

String

Name of the receiver.

Port*

Integer

Port number. Must be a non-zero positive number. Ensure this port is open on the destination.

Enabled*

Boolean

If Yes, transport reception is enabled.

Encoding*

String

Encoding type. Valid values are:

  • UTF-8

  • Shift_JIS

  • EUC-JP

  • EUC-KR

  • US-ASCII

  • GB2312

  • UTF-16BE

  • Big5

  • GB18030

  • ISO-8859-1

  • Windows-1252

For CEF UDP and CEF TCP receivers, only UTF-8 and US-ASCII apply.

Caution: Selection of the wrong encoding for a CEF receiver will cause a push failure.

Logger UDP Forwarder Configuration

A Logger Connector Forwarder configuration sets values for one or UDP forwarders on a Logger. Each forwarder in the configuration is represented by a different Property.

Note: Logger UDP Forwarder configurations can only be imported from managed Loggers, not created in ArcMC. See Importing a Subscriber Configuration for more information.

 

Logger UDP Forwarder Configuration Parameters

Parameter

Data Type

Description

Forwarder Name* String Display name of the forwarder
Filter Type* Enum

Filter type that was selected while creating a forwarder on logger. Valid types are Unified or Regex.

Query String Used to filter events that the forwarder will forward.
Unified Query Filters String Select from the default and user-defined Unified filters on the source Logger. Only visible if Filter Type is Unified.
Regular Expression Filters String Select from the default and user-defined Regex filters on the source Logger. Only visible if Filter Type is Regex.
Start Time DateTime Optional start of time range for selection.
End Time DateTime Optional end of time range for selection.
IP/Host* String IP address or host name of the destination that will receive forwarded events.
Port* Integer Port number on the destination that will receive forwarded events. Ensure this port is open on the destination.
Enable* Boolean If Yes, the forwarder is enabled.
Preserve System Timestamp* Boolean If Yes, the timestamp showing original event receipt time is preserved.
Preserve Original Syslog Sender* Boolean If Yes, event is sent as is, without inserting Logger's IP address in the hostname (or equivalent) field of the syslog event.

SecureData Configuration

A SecureData configuration sets values for the SecureData encryption client on a managed Logger.

SecureData Configuration Parameters

Parameter

Data Type

Description

Server* String SecureData server IP address.
Port* String SecureData server port.
Auth Identity* String SecureData authentication identity
Shared Secret* String SecureData shared secret
Event Fields* String Comma-separated list of event fields to be encrypted. Default data for event fields will be populated from the connector bin file uploaded in the repository. If there is no such file, then the default field will be defined by ArcMC.