D.0 Syslog Collector Package Policy

Event sources, Connectors, and Collectors can be auto-created based on policy information contained in installed Syslog Collector packages. These policies are specified in special properties of the connection modes in a SYSLOG connection method. A connection mode might contain an Applications, UniqueMatchingRule, or UniversalSyslogCollector property. These are described below:

NOTE:Only one of these properties should be specified.

Applications: This property contains a list of comma-separated application names for the syslog messages the Collector and connection mode can handle. Each application name in the list should be unique for all Collectors and connection modes. If multiple Collector plug-ins contain the same application name, only the first one spotted is used as authoritative. The log appliance logs a message stating that an application name is defined in multiple Collectors or connection modes, and also states, which one it selected as authoritative.

UniqueMatchingRule: This property contains a regular expression that can be used to find a matching syslog message. A device that generates a matching syslog message is assigned to this Collector and connection mode.

It is important that matching rules from different Collectors should never match the same message, to avoid ambiguity about which Collector/connection mode the device that generated the matching message should be assigned to.

UniversalSyslogCollector: This property should have a value of true. It specifies that the Collector/connection mode with this property is used for messages whose Collector/connection mode cannot be determined. It is the catch-all Collector and connection mode. There should be only one Collector/connection mode with this property. If more than one Collector and connection mode exists with this property, the log appliances logs an error and indicates which one it is using.

For the Collector and connection mode, only one of the above properties should be specified. If more than one property is specified, the log appliance logs a message and indicates which among the three properties it uses. It chooses the properties in the following order: 1) Applications, 2) UniqueMatchingRule, and 3) UniversalSyslogCollector