Dynamic roles in dynamic collectors

In a dynamic collector, dynamic role assignments depend on characteristics of the incoming event. Dynamic roles are created with the dynamic collector. The $THIS variable in the following example refers to the incoming event and is used in the role name definition.

collector Net.*.Server.* : { r[$THIS.mc_origin] } : NET
   create $THIS.mc_origin
END

The previously mentioned example, assigns a read permission to a role having the same name as the value of the mc_origin slot. For example, if the name of a server is host12 in an event, the dynamic collector creates a new collector host12. The role host12 must be listed in the list of roles if it is to see what is contained in the collector.

Note

For more information about user roles, see Managing roles.

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*