2024-01-16 08:19 AM - edited 2024-01-16 08:21 AM
Good day.
Is there any possibility of assigning an event filter for many Log Collectors?
I have a situation with more than 50 VLCs and need to deploy a syslog event filter to all of them. Manually it could take a lot of time. I am looking for a solution for multy-deployment of the filter.
Or maybe somebody knows where a file with a filter is located in the filesystem?
Thanks,
Igor
2024-01-29 05:07 PM
Hi Igor,
The logcollector filter json file is located at vlc /etc/netwitness/ng/logcollection/eventfilters/<collection_type>/ folder.
You may create a filter on one vlc via UI and copy the <collection_type> folder from the vlc to other vlc and restart logcollector service.
I hope this helps.
Regards,
Allen
2024-01-29 04:34 PM
Hello IgorVoznyuk,
I'm having one of my Support people take a look at your request to see if we have an answer for you. Thank you for your patience.
2024-01-29 05:07 PM
Hi Igor,
The logcollector filter json file is located at vlc /etc/netwitness/ng/logcollection/eventfilters/<collection_type>/ folder.
You may create a filter on one vlc via UI and copy the <collection_type> folder from the vlc to other vlc and restart logcollector service.
I hope this helps.
Regards,
Allen