An event destination is assigned to policies based on which, the agent will send or distribute the events data to respective destination.
When you create a policy, it automatically uses the default event destination. If you want to send event data to another destination, add an event destination to the policy or policy set. You can use the new event destination along with the default event destination or replace it. The updated event destination takes effect when the agent receives the updated policy information at the next heartbeat.
Following sections provide information about creating event destinations.
Change Guardian evaluates the event routing rules on a first-match basis in top-down order and applies the first matched event routing rule to events that match the filter criteria. You can configure event routing rules to evaluate and filter all incoming events and deliver selected events to designated output actions. For example, each severity 5 event can be logged to a file.
To create an event destination:
Log in to the web console, click CONFIGURATION > Events > Event Destinations.
Click Add.
Specify a unique name for the event destination.
Specify one of the event destination models.
Provide system information of the server where you want to send events.
(Optional) If you want to send Change Guardian system events that only match specific criteria, select the check box above the filter drop-down list, and provide filter criteria.
NOTE:The filter is applied to all event destinations configured on the server.
Change Guardian uses the Lucene query language for filtering events. For more information, see Apache Lucene - Query Parser Syntax.
Click OK.