

Apply Suppression and Summarization Rules

You can apply both suppression and summarization rules to a syslog listener to streamline event refinement. When the listener is used with a connector, incoming events are verified against any applied suppression and summarization rules before being sent to CA User Activity Reporting Module.

For example, if you wanted to create a listener to receive CA Access Control events only, you could apply the CA Access Control successful file access rule. You avoid excess processing because only needed rules are used to verify incoming events.

Important! Create and use suppression rules cautiously because they prevent certain native events from being logged or displayed at all. We recommend testing suppression rules in a test environment before deploying them.

To apply suppression or summarization rules

  1. Open the listener wizard and advance to the Suppression Rules step, or the Summarization Rules step.
  2. (Optional) Type in the rules pattern entry field to search the available rules. As you type, the rules that match your entry are displayed.
  3. Select the rules you want, using the shuttle control.
  4. Click the appropriate arrow to advance to the wizard step you want to complete next, or click Save and Close.

    If you click Save and Close, the new listener appears in the user folder list. Otherwise, the step you select appears.