Message overrides

Message overrides operate in a fashion similar to filters, except that the message data is altered rather than removed from the system. The operator clicks the Config > Overrides screen to access the overrides, that is one of the following:

• Address overrides—The operator can set an address override that replaces the address of the incoming message with some other address, especially useful for systems relying on NAT (Network Address Translation).

• Facility overrides—The operator can set a facility override that replaces the facility code of the incoming message with some other facility, including a User Defined Facility described. Since facility codes offer a main way of quickly correlating data, this provides a large amount of flexibility associated with data organization.

• Severity overrides—The operator can set a severity override that replaces the severity of the incoming message with some other severity. Since severities are sometimes badly assigned by system vendors, this provides a direct method of adjusting message severities up or down as might be appropriate.

• Text overrides—The operator can blank out certain fields of a message using a text override. This allows the operator to blank out certain fields within a message, such as a credit card number or user password. The text is eliminated from the message and not log on the system.

In addition to the basic override functions, the various override facilities have substantially advanced functions.

In particular, the address overrides permit you to change the mode that address values are displayed, to support DHCP and non-static IP addresses. (See section on DHCP.)

This section provides information about the following topics: