Question:
What is the difference between creating a filter under the Syslog Filter (Admin -> General -> Syslog / Trap Filter) and creating a Syslog alerting rule with the mute action?
Answer:
A Syslog filter discards a matching Syslog message as soon as AKIPS receives it, so that message is never stored in AKIPS. We do not log discarded Syslog messages due to the amount of logging that would be required.
If AKIPS receives a Syslog message that has not been filtered, the message is stored in AKIPS and can be viewed under Tools -> Syslog. If a Syslog alert matches that message but you don't want to receive that alert, you can create a more specific Syslog alert with a mute action to stop that message from being alerted on. This is useful when a message is being inadvertently matched by a less specific rule.