Forwarding correlation thread messages


Not applicable for SIEM for Motorola and SIEM for NNT

(SPE2404)

You can use the correlation thread forwarding feature to forward correlation thread messages (with optional formatting) to a third-party syslog server. On the Messages > Config > Thread Forwarding tab, you can configure the following number of threads and forwarders:

On the Thread Forwarding tab, the number of messages sent is shown for each thread forwarder.

Setting up correlation thread forwarding

If you configure multiple threads to forward the same message, the target message is sent only once to simplify operation. This gives you more flexibility in situations where a message might be cataloged by multiple different threads.

Before you begin

Ensure that you complete the tasks in the Setting up a network forwarder topic.

To enable correlation thread forwarding

  1. On the Messages > Config > Thread Forwarding tab, click Edit to set up or edit a thread forwarder.
  2. Select a correlation thread for the forwarder.
  3. To enable forwarding, select Enabled.
  4. Select the network forwarder to use for sending the messages from the correlation thread.

    You must configure one or more network forwarders for the Forwarder selection to be available.

  5. (Optional) In Additional Match Expression, enter an expression to match message content. For more information, see Match expressions.
  6. (Optional) Enable Special Formatter to include special formatting directives that you need to perform additional filtering, formatting, and deduplication of messages.

    For more information, contact BMC Support.

  7. (SPE2310) (Optional) Add a prefix to messages for monitoring, analysis, or further processing.

 


BMC Defender SIEM Correlation Server 6.2