Creating collection policies


To start collecting logs, add all the collection-related configurations to a collection policy and save time by reusing these configurations in multiple collection policies. Add the following details to a collection policy:

  • Connector configurations: Specify the type of connector and the selection criteria that identify the connector for collection.
  • Log source configurations: Specify the source of log collection, such as a file path or collection interval. These configurations differ for each source.
  • Parsing rule: Select the parsing rule that you have created to parse the logs that you are collecting. If you start creating a collection policy without first creating a parsing rule, the collection policy page provides a link to create one.
  • Filtering rule: Select the filtering rule that includes or excludes logs from the collection. Filtering rules are optional, but they help you use the storage space for logs efficiently.
