Setting up a message forwarding rule


You can use network forwarders to send messages based on message forwarding rules. Use the following procedure to configure the forwarding rules.

Before you begin

Ensure that you have set up network forwarders.

To add a message forwarding rule

After adding network forwarders, complete this procedure for each forwarding rule that you want to use:

  1. Navigate to the Messages > Config > Forwarding page.
    If no forwarding rules are configured yet, the page lists none.
  2. Click Add New Forwarding Rule.
    The page for a new forwarding rule is displayed.

    Tip

    You can reconfigure an existing forwarding rule by clicking Edit on the Messages > Config > Forwarding page.

  3. From the Enable list, select the option that enables the rule. A disabled rule is kept but forwards nothing.
  4. From the Forwarder list, select the network forwarder to use for forwarding messages.
  5. (Optional) Using one or more of the following fields, specify filters to determine whether to forward a message:

    • Match Facility
    • Match Severity
    • Match Keyword
    • Match Address Group
    • Message Prefix

    A message is forwarded by a rule only if it satisfies every filter you set on that rule, so each added filter narrows what the rule forwards; the product tests the filters in the order presented above. A rule with no filters forwards every message.

  6. Click Save.
    The Message Forwarding Rules list displays the new rule, which is now ready to use.
Example

The following example shows three configured rules:


  • Server name TCP:10.10.218.96:5003 forwards messages only if they match the Security syslog facility and have the keyword ssh in the message text.
  • Server name TCP:198.168.43.16:269 forwards messages only if they match the Local4 facility and have the severity field set to info or Informational.
  • Server name UDP:198.168.44.51:3399 applies no filters. The product forwards all messages to the configured receiver.

BMC Defender Server captures and catalogs all messages, regardless of the forwarding rules.
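The selection behaviour the three rules above describe, written out as an added example; this is illustration code, not part of the product documentation or of BMC's own implementation. It models a rule as the conjunction of its filters, tested in the order the page lists them, treats a rule with no filters as matching everything, accepts either "info" or "Informational" as the same severity, and shows that every message is catalogued whether or not a rule forwards it. The Message class and field names, CIDR-based address groups, case-insensitive substring keyword matching, and the use of Message Prefix as text prepended to the forwarded copy are assumptions made for the example; the sample messages are constructed, not real traffic.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Standard syslog severity codes, keyed by the spellings a GUI or a log line may use
SEVERITY_CODES = {
    "emerg": 0, "emergency": 0, "alert": 1, "crit": 2, "critical": 2,
    "err": 3, "error": 3, "warning": 4, "warn": 4, "notice": 5,
    "info": 6, "informational": 6, "debug": 7,
}


@dataclass
class Message:
    facility: str   # syslog facility name, e.g. "security" or "local4"
    severity: str   # syslog severity name, e.g. "info"
    source: str     # IP address of the sending device
    text: str       # message text


@dataclass
class ForwardingRule:
    forwarder: str                   # network forwarder, e.g. "TCP:10.10.218.96:5003"
    enabled: bool = True             # Enable list
    facility: Optional[str] = None   # Match Facility
    severity: Optional[str] = None   # Match Severity
    keyword: Optional[str] = None    # Match Keyword (case-insensitive substring; assumed)
    address_group: List[str] = field(default_factory=list)  # Match Address Group as CIDRs (assumed)
    prefix: str = ""                 # Message Prefix, prepended to the forwarded copy (assumed)

    def matches(self, msg: Message) -> bool:
        """Every configured filter must hold; filters are tested in the order the page lists them."""
        if not self.enabled:
            return False
        if self.facility and msg.facility.lower() != self.facility.lower():
            return False
        if self.severity:
            want = SEVERITY_CODES.get(self.severity.lower())
            have = SEVERITY_CODES.get(msg.severity.lower())
            # an unrecognised severity on either side never matches
            if want is None or have != want:
                return False
        if self.keyword and self.keyword.lower() not in msg.text.lower():
            return False
        if self.address_group:
            addr = ipaddress.ip_address(msg.source)
            if not any(addr in ipaddress.ip_network(n, strict=False) for n in self.address_group):
                return False
        return True


def route(messages: List[Message], rules: List[ForwardingRule]) -> Tuple[List[Message], Dict[str, List[str]]]:
    """Catalog every message, and send a copy to each forwarder whose rule matches it."""
    catalog = list(messages)          # everything is kept, regardless of the rules
    forwarded: Dict[str, List[str]] = {}
    for msg in messages:
        for rule in rules:
            if rule.matches(msg):
                forwarded.setdefault(rule.forwarder, []).append(rule.prefix + msg.text)
    return catalog, forwarded


# Constructed sample input, plus the three rules from the example above
SAMPLE_MESSAGES = [
    Message("security", "notice", "10.0.0.5", "sshd[1234]: Accepted publickey for alice from 10.0.0.9"),
    Message("security", "info", "10.0.0.7", "su: session opened for root"),
    Message("local4", "info", "10.0.0.6", "app: heartbeat ok"),
    Message("local4", "err", "10.0.0.6", "app: disk full"),
]
EXAMPLE_RULES = [
    ForwardingRule("TCP:10.10.218.96:5003", facility="Security", keyword="ssh"),
    ForwardingRule("TCP:198.168.43.16:269", facility="Local4", severity="Informational"),
    ForwardingRule("UDP:198.168.44.51:3399"),   # no filters: forwards everything
]


def demo() -> Dict[str, List[str]]:
    """Route the sample messages through the example rules and return what each forwarder receives."""
    catalog, forwarded = route(SAMPLE_MESSAGES, EXAMPLE_RULES)
    assert len(catalog) == len(SAMPLE_MESSAGES)   # nothing is dropped from the catalog
    return forwarded


if __name__ == "__main__":
    for fwd, texts in demo().items():
        print(fwd, "<-", len(texts), "message(s)")
```

Running the script shows the first forwarder receiving only the sshd line (the other Security message has no "ssh" in its text), the second receiving only the Local4 message at Informational severity, and the unfiltered UDP forwarder receiving all four, while the catalog still holds every message.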


BMC Defender SIEM Correlation Server 6.1