How to Create a Suppression Rule

You can use suppression rules to prevent large numbers of routine, known, or predictable transactions from inflating your event log store and obscuring the picture of your environment. For example, you might use a suppression rule to eliminate unnecessary syslog information events, particularly in cases where you cannot configure the event source to send only the required set.

Creating a suppression rule with the suppression rule wizard involves the following steps:

  1. Opening the suppression rule wizard.
  2. Rule Naming - Entering rule name and description information.
  3. Event Selection - Identifying an event to suppress, using the CEG normalization attributes and optional advanced filtering.

Note: After you create a suppression rule, you must apply it to make it available for use in your environment.

More information:

Open Suppression Wizard

Name a Suppression Rule

Using Advanced Filters

Apply a Suppression or Summarization Rule