Configure Address Override screen


The Configure Address Override screen is accessed by clicking the Config tab, selecting Overrides, and then selecting Address. From that location, the operator can view, add, or edit the list of message address overrides. A depiction of this screen is shown as follows:

[Screenshot: Configure Address Override screen]

Address Overrides, defined by this screen, cause the device IP address field in a message to be replaced (under specific conditions) with a different IP address, so that the message is cataloged under the substituted address. One application of this function is to handle NAT (Network Address Translation) by substituting the local IP address of a device with its corresponding network address.

The preceding screen provides a list of all the Address Overrides that are applied to messages immediately after filtering. Overrides can be added by clicking the AddNew option. An existing override can be edited or deleted by clicking the Edit Override option in the first column of the table. The Apply option applies any change to the sort order and refreshes the display with the latest items (useful if another user is editing the items at the same time the operator is viewing them).

Each override contains five fields, shown in the table. For a message to be overridden, all of the first four fields must match the event message. The fields are as follows:

  • Match Address—This is the address to override. It can be a specific IP address or a wildcard. The address *.*.*.* is the default and matches all IP addresses on the system.
  • Match Facility—This is the facility to match in the message. The default setting is Any, which matches any syslog facility code.
  • Match Severity—This is the severity to match in the message. The default setting is Any, which matches any syslog severity code.
  • Match Keyword—This is a single keyword in the message to match. The specified keyword cannot contain blank spaces, but it may contain an asterisk ( * ), which also spans spaces. The default setting is ( * ), which matches all messages.

The last column of the table indicates the IP address that is substituted and logged whenever a received message matches the first four fields of the table entry. This is the value that appears in the Messages > Search facility, the Messages > Devices screen, and various other locations on the system. BMC Defender Server treats the message exactly as if it came from the specified address.

Address Override screen controls

At the top of the display are controls that allow you to sort the list or add a new override to the list. To modify the sorting order, the operator makes the adjustments and clicks the Apply option. This refreshes the screen with the latest settings. Clicking the tab button also refreshes the screen, but sets the order mode to Default, which displays records in the order in which they were added to the system.

Instructions on how to add, edit, and delete entries are provided in the description of the Configure Filters screen. To add an entry, click the AddNew option. To edit an existing entry, click the Edit option. To delete an existing entry, click the Edit option and then click the Delete option.

Address Overrides screen, special notes

Access to this screen is limited to admin type logins. If the current login has user or guest access, the screen can be viewed, but clicking the AddNew or Edit option is blocked. Only admin type logins can modify system data.

Before any data is saved or modified, it is checked. If the check fails, you must click Back to fix the problem, or click the tab to restart the edit session.

One special check that requires explanation is that you cannot simply click the AddNew option and then click Commit, because this would create an entry that overrides ALL messages on the system. (The Add New Override screen uses defaults that match the greatest number of messages, so that the operator only has to make small adjustments to override messages selectively.)

A message might match several different overrides. In this case, the first override matched is the one used. Although there is no limit to the number of overrides, experience indicates that these settings can become quite confusing unless the operator designs them carefully. Experience also shows that the most commonly modified field is the IP Address field, selected to reject specific devices.
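The following is an added example, not BMC Defender's own code, that models the override semantics described on this page: the four match fields (wildcard address, facility, severity, keyword whose asterisk spans spaces), substitution of the logged address, first-match-wins ordering, and the check that rejects an all-defaults entry. The class and function names, the octet-wise treatment of address wildcards, case-sensitive keyword matching, and the sample overrides and messages are all assumptions constructed for the example.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed model of an Address Override row as shown in the screen's table.
# Defaults are the ones the page describes for a new entry.
@dataclass
class AddressOverride:
    match_address: str = "*.*.*.*"   # wildcard octets; default matches every address
    match_facility: str = "Any"      # "Any" matches any syslog facility code
    match_severity: str = "Any"      # "Any" matches any syslog severity code
    match_keyword: str = "*"         # single keyword, '*' spans spaces; default matches all
    override_address: str = ""       # the address logged instead of the device IP

# Constructed representation of a received event message.
@dataclass
class SyslogMessage:
    address: str    # device IP address as received
    facility: str   # for example "auth" or "local0"
    severity: str   # for example "error" or "info"
    text: str       # message body searched for the keyword


def address_matches(pattern: str, address: str) -> bool:
    """Octet-wise comparison: '*' in an octet position matches any value (assumed semantics)."""
    p_octets, a_octets = pattern.split("."), address.split(".")
    if len(p_octets) != 4 or len(a_octets) != 4:
        return False
    return all(p == "*" or p == a for p, a in zip(p_octets, a_octets))


def keyword_matches(pattern: str, text: str) -> bool:
    """Keyword must appear in the message; '*' spans any characters, including spaces."""
    if pattern == "*":
        return True
    if " " in pattern:
        return False  # a keyword cannot contain blank spaces
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.search(regex, text) is not None


def override_matches(ovr: AddressOverride, msg: SyslogMessage) -> bool:
    """All four match fields must match for the override to apply."""
    return (address_matches(ovr.match_address, msg.address)
            and ovr.match_facility in ("Any", msg.facility)
            and ovr.match_severity in ("Any", msg.severity)
            and keyword_matches(ovr.match_keyword, msg.text))


def apply_overrides(overrides: List[AddressOverride], msg: SyslogMessage) -> str:
    """Return the address to log: the first matching override wins, else the original address."""
    for ovr in overrides:
        if override_matches(ovr, msg):
            return ovr.override_address
    return msg.address


def validate_override(ovr: AddressOverride) -> Optional[str]:
    """Return a problem description, or None if the entry is acceptable.

    Mirrors the page's special check: an all-defaults entry would override ALL messages.
    """
    all_defaults = (ovr.match_address == "*.*.*.*" and ovr.match_facility == "Any"
                    and ovr.match_severity == "Any" and ovr.match_keyword == "*")
    if all_defaults:
        return "entry would override ALL messages; narrow at least one match field"
    if not ovr.override_address:
        return "override address is required"
    return None


# Constructed sample table: a NAT-style rewrite for one private subnet, then a
# broader entry that only matches auth/error messages from any address.
OVERRIDES = [
    AddressOverride("10.0.0.*", "Any", "Any", "*", "203.0.113.10"),
    AddressOverride("*.*.*.*", "auth", "error", "*", "192.0.2.5"),
]

if __name__ == "__main__":
    msg = SyslogMessage("10.0.0.7", "auth", "error", "login failed for user")
    # Both entries match, but the first one in the list is used.
    print(apply_overrides(OVERRIDES, msg))
    print(validate_override(AddressOverride()))
```

Run stand-alone, the script shows the first-match rule (the 10.0.0.7 message is logged as 203.0.113.10 even though the second entry also matches) and the rejection of an untouched AddNew entry. The search-style keyword match means a pattern such as link*down matches "eth0 link is down", which is the behaviour described for an asterisk spanning spaces.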


BMC Defender SIEM Correlation Server 6.2