Define logging patterns as key-value pairs in Logging Profile elements

When you define key-value pairs for converting syslog data, the Log Server parses each received syslog entry data based on the defined key-value pairs.

The data in the incoming syslog message must be formatted as key-value pairs.

You can use sections in the Logging Profile to organize the logging patterns. To create categories, you can associate one or several Log Data Tags with each section. The Log Data Tags improve the way log entries can be viewed and stored. However, they do not affect the way third-party log entries are converted into SMC log entries. If you do not select specific Log Data Tags for a section, only default “Third Party” and “Log Data” Log Data Tags are shown for matching log entries.

For more details about the product and how to configure features, click Help or press F1.

Steps

  1. In the Logging Profile, select Key-Value Pairs as the Pattern.


  2. (Optional) Click the Select Log Data Tags link in the header row of the Patterns section.
    Select the Log Data Tags according to the type of traffic that matches the key-value pairs in the section, then click Add. The selected Log Data Tags are added to the Content list.
    Note: Log Data Tags make the converted third-party log data records visible in the appropriate log data contexts. They also generate log data storage indexes, which speed up the filtering by data tags.
  3. Drag and drop SMC log fields from the Fields branch in the left pane to the Field column.
    Alternatively, you can define a Field Resolver and add it to the pattern instead of a log field. To omit a portion of data, add an Ignore field. By default, the Ignore field is added to the Field column in the new section.
  4. Double-click the Key column for the log field that you added, then type the corresponding key value as it appears in the syslog message (for example, devTime).
  5. (Optional) To add more key-value pairs to a section, right-click a row, then select Add Row.
    The key values can be added in any order. The key values are converted to SMC log entries based on the key values alone.
  6. (Optional) To create another section in the same Logging Profile, click Add Section, then configure the new section.
  7. In the Unmatched Key section, select the action for handling syslog data that does not match any defined logging patterns:
    • Store in 'Syslog message' field — A log entry is created and all data is inserted into the Syslog Message log field. The created log entry is stored on the Log Server.
    • Ignore — The data is discarded.

Select Log Data Tags dialog box

Use this dialog box to select Log Data Tags to use in a Logging Profile.

Option Definition
Log Data Tags Contains the Log Data Tags that you can add to the Content list.
Filter Allows you to filter the elements shown.
Up Navigates up one level in the navigation hierarchy. Not available at the top level of the navigation hierarchy.
New Opens the associated dialog box to create an element.
Tools Select Show Deleted Elements to show elements that have been moved to the Trash.
Content Contains the selected Log Data Tags. Click Add to add an element to the list, or Remove to remove the selected element.
Select Retains your selections and closes the window.