×
 
 
  •  
$helper.renderConfluenceMacro('{bmc-global-announcement:$space.key}')

Important

   

Starting version 8.9.03, BMC Network Automation is renamed to TrueSight Network Automation. This space contains information about BMC Network Automation 8.9.02 and previous versions. For TrueSight Network Automation 8.9.03 and later releases, see the TrueSight Network Automation documentation.
BMC Network Automation 8.9 ... Administering Performing network administration tasks

Managing external event filters

External event filters specify which events (for example, syslog) are processed by the BMC Network Automation system. When BMC Network Automation processes an external event, the event is logged and sent to the Policy Manager. Events not matching the enabled filters are discarded.

The following table contains tasks for managing the external event filters by using BMC Network Automation, and provides links to the applicable topics:

Administering taskFor more informationBenefit
To add or edit an external event filterAdding or editing an external event filterAdd or edit an external event filter.
To perform actions on an external event filterViewing the external event filters listing

Use the filters list to perform the following actions on an external event filter:

  • Viewing
  • Editing
  • Copying
  • Deleting

BMC Network Automation is delivered with a set of filters that can be customized for your environment. The following filters are delivered enabled:

  • Log All Configuration Changes: Filters for syslog change events that trigger the Auto Archive policy.
  • Log Severity 0/1 as Critical Event: Filters for all syslog emergency (0) and alert (1) events. These events can be used to trigger a policy that is performing event-to-change correlation (for example, Multiple high severity events received and configuration change has occurred in past 48 hours).

BMC highly recommends disabling low severity syslog filters for optimum performance.

To help you get started, some filters for identifying specific Cisco events (for example, Link Down) are provided. These filters are disabled by default.

The Log All Configuration Changes filter is used to detect and categorize when a potential configuration file or firewall policy has changed. BMC Software strongly recommend that this filter remains enabled (the default state) to trigger the Auto Archive policy.

These filters have been designed for all supported devices. The Auto Archive policy automatically performs a configuration snapshot action when a potential configuration change has occurred. This enables the configuration repository to remain up-to-date without operator intervention.

The Log Severity filters are used to map external event severities to the system severities. In addition, a filter can be disabled to ignore lower severity events.

If an event matches multiple filters, it is processed once for each match. Therefore, an event is logged and forwarded to the Policy Manager for each match.

Was this page helpful? Yes No Submitting... Thank you
Last modified by Sulekha Gulati on May 26, 2016
syslog external overview filters event_filters check_point contributor-updated

Comments

Log in or register to comment.

Running the export and import utility for device security profiles from the CLI
Adding or editing an external event filter
© Copyright 2013 - 2017 BMC Software, Inc.
Legal notices

Powered by Atlassian Confluence and Scroll Viewport

© Copyright 2005-2024 BMC Software, Inc. Use of this site signifies your acceptance of BMC’s Terms of Use . BMC, the BMC logo, and other BMC marks are assets of BMC Software, Inc. These trademarks are registered and may be registered in the U.S. and in other countries.