jarivaahtera Absent Member.
Absent Member.
966 views

Setting tags to events

Is there an alternative way to set the tags for events without assigning them to eventsources, routing rules etc? We face this problem that we manage our retention period for events with those tags and now we want to keep some of the F5 logs longer than another. As you know F5 can have multiple roles and in our scenario we need to keep other logs (audit, APM etc.) longer in Sentinel than the DNS logs that it produces. I was wondering that could it be possible to set tags straight from plugin code? I don't think routing rules would help at this because the longer retention period overruns the shorter. So if the F5 event is tagged with two tags that have different retention periods it won't work as we want it to. Also we have to use regex to match the DNS events from F5 logs. Any ideas?
0 Likes
3 Replies
AutomaticReply Absent Member.
Absent Member.

Re: Setting tags to events

jarivaahtera,

It appears that in the past few days you have not received a response to your
posting. That concerns us, and has triggered this automated reply.

These forums are peer-to-peer, best effort, volunteer run and that if your issue
is urgent or not getting a response, you might try one of the following options:

- Visit https://www.microfocus.com/support-and-services and search the knowledgebase and/or check
all the other self support options and support programs available.
- Open a service request: https://www.microfocus.com/support
- You could also try posting your message again. Make sure it is posted in the
correct newsgroup. (http://forums.microfocus.com)
- You might consider hiring a local partner to assist you.
https://www.partnernetprogram.com/partnerfinder/find.html

Be sure to read the forum FAQ about what to expect in the way of responses:
http://forums.microfocus.com/faq.php

Sometimes this automatic posting will alert someone that can respond.

If this is a reply to a duplicate posting or otherwise posted in error, please
ignore and accept our apologies and rest assured we will issue a stern reprimand
to our posting bot.

Good luck!

Your Micro Focus Forums Team
http://forums.microfocus.com



0 Likes
Highlighted
brandon-langley Absent Member.
Absent Member.

Re: Setting tags to events

jarivaahtera;2488445 wrote:
Is there an alternative way to set the tags for events without assigning them to eventsources, routing rules etc? We face this problem that we manage our retention period for events with those tags and now we want to keep some of the F5 logs longer than another. As you know F5 can have multiple roles and in our scenario we need to keep other logs (audit, APM etc.) longer in Sentinel than the DNS logs that it produces. I was wondering that could it be possible to set tags straight from plugin code? I don't think routing rules would help at this because the longer retention period overruns the shorter. So if the F5 event is tagged with two tags that have different retention periods it won't work as we want it to. Also we have to use regex to match the DNS events from F5 logs. Any ideas?


Why not use exclusions in the routing rules to segment the events into two separate tags?
0 Likes
jarivaahtera Absent Member.
Absent Member.

Re: Setting tags to events

brandon.langley;2488934 wrote:
Why not use exclusions in the routing rules to segment the events into two separate tags?


That would help, but the NetIQ F5 collector does not recognize DNS events so they do not differ (in eventname) from those logs that we want to preserve longer. So we have to modify the F5 collector ourself or make a feature request to NetIQ?
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.