You can apply both suppression and summarization rules to a syslog listener to streamline event refinement. When the listener is used with a connector, incoming events are verified against any applied suppression and summarization rules before being sent to CA User Activity Reporting Module.
For example, if you wanted to create a listener to receive CA Access Control events only, you could apply the CA Access Control successful file access rule. You avoid excess processing because only needed rules are used to verify incoming events.
Important! Create and use suppression rules cautiously, because they prevent certain native events from being logged or appearing at all. We recommend testing suppression rules in a test environment before deploying them.
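One way to dry-run suppression rules before deployment, as recommended above. This Python sketch is an added example, not CA code or the product's rule format: the syslog lines are constructed, and the field names, rule structure, and ordering (suppression first, then summarization) are assumptions. It shows how a rule that is too broad silently drops a denied-access event that a narrower rule would have forwarded.

```python
import re
from collections import Counter
# Constructed sample syslog lines; the field layout is hypothetical.
SAMPLE = [
    "<86>Mar  3 10:00:01 host1 acdemo: class=FILE result=S user=alice obj=/etc/hosts",
    "<84>Mar  3 10:00:03 host1 acdemo: class=FILE result=D user=bob obj=/etc/shadow",
    "<86>Mar  3 10:00:04 host1 acdemo: class=LOGIN result=S user=carol",
    "<84>Mar  3 10:00:05 host1 acdemo: class=LOGIN result=F user=mallory",
    "<84>Mar  3 10:00:06 host1 acdemo: class=LOGIN result=F user=mallory",
]
SENSITIVE = {"result": ("D", "F")}  # assumed codes for denied / failed

def parse(line):
    """Extract key=value pairs from the message part of a syslog line."""
    return dict(re.findall(r"(\w+)=(\S+)", line.split(": ", 1)[1]))

def matches(event, rule):
    """A rule matches when every field it names has the given value."""
    return all(event.get(k) == v for k, v in rule["match"].items())

def refine(lines, suppress, summarize):
    """Dry run: return (forwarded, suppressed, summaries); nothing is sent."""
    forwarded, suppressed, summaries = [], [], Counter()
    for event in map(parse, lines):
        if any(matches(event, r) for r in suppress):
            suppressed.append(event)      # would never reach the log store
            continue
        for rule in summarize:
            if matches(event, rule):
                key = (rule["name"],) + tuple(event.get(f) for f in rule["group_by"])
                summaries[key] += 1       # collapsed into one counted record
                break
        else:
            forwarded.append(event)       # passes through unchanged
    return forwarded, suppressed, summaries

def audit(suppressed):
    """Suppressed events that record a denial or failure; review before deploying."""
    return [e for e in suppressed if any(e.get(k) in v for k, v in SENSITIVE.items())]

NARROW = [{"name": "file-ok", "match": {"class": "FILE", "result": "S"}}]
BROAD = [{"name": "all-file", "match": {"class": "FILE"}}]
SUMMARIZE = [{"name": "login-fail", "match": {"class": "LOGIN", "result": "F"},
              "group_by": ["user"]}]

if __name__ == "__main__":
    for label, rules in (("narrow", NARROW), ("broad", BROAD)):
        fwd, sup, summ = refine(SAMPLE, rules, SUMMARIZE)
        print(label, len(fwd), len(sup), dict(summ), audit(sup))
```

An empty `audit()` result for a candidate rule set means no denial or failure in the sample would be hidden; any entry it returns is an event the rule would remove from the record.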
To apply suppression or summarization rules
If you click Save and Close, the new listener appears in the user folder list; otherwise, the step you select appears.
Copyright © 2013 CA.
All rights reserved.