Administration GuideMapping and ParsingEvent Forwarding Rules TasksHow to Create Event Forwarding Rules › Set Forwarding Rule Attributes

Previous Topic: Create an Advanced Event Filter

Next Topic: About Forwarded syslog Events
Set Forwarding Rule Attributes

Set required attributes for a forwarding rule, including forwarding exit points, CEG fields included in the forwarded event, and destination settings.

To set rule attributes

  1. Open the forwarding rule wizard and advance to the Policy Attributes step.
  2. Set forwarding rule actions in the Actions area:
    1. Select a syslog Facility and a syslog Severity in the appropriate drop-down lists. Any events forwarded by the rule include the syslog attributes you set.
  3. Set information about CA Enterprise Log Manager event transmission in the General Information area:
    1. Select whether you want to sent the events identified by the rule before or after suppression and summarization:
    1. Select the CEG fields you want to be displayed in the transmitted event. If you do not select a CEG field, only the raw event value is sent. If you select any CEG field, also select raw_event to forward the raw event.
  4. Set forwarding destination information in the Destination area:
    1. Click Add Destination to create a destination row.
    2. Click the text in the Host column to add a destination hostname, or IP address. The IP address can be IPv4 or IPv6.
    3. Click the Port column cell to add the port number that the target application listens on.
    4. Click the text in the Protocol column to select TCP or UDP to set the transmission protocol you want to use.
    5. Repeat steps a-d to add more destinations as next.
  5. Click Save or Save and Close.

    The new rule appears in the User subfolder of the Forwarding Rules folder.