Configure the Data Collection Rule for Syslog Data Sources


The Data Collection Rule (DCR) collects only events whose facilities and severities are specified in its Data sources configuration. For Syslog, you can modify the Minimum log level for each Facility, and the Destination, on the Add data source page.

To configure the Syslog Facility log level and Destination:

  1. Access the Data collection rule Data sources Add data source page:

    • Select Configuration, Data sources.

    • Select Linux Syslog.

  2. Select the Minimum log level drop-down menu to make changes for each Facility.

    Screenshot of Linux Syslog facilities selections and minimum log levels.

  3. When completed, select Save.


    The default is "LOG_DEBUG" for each Facility, and changes are automatically pushed to all configured resources.
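
The following added example (not part of the original page or of any Microsoft tooling) models what a per-Facility minimum log level does to incoming events, so you can see which lines a setting would keep before you save it. It assumes that "minimum log level" keeps events at that severity or more severe; the sample lines, the `MIN_LEVELS` rule and all function names are constructed for illustration.

```python
import re

# Syslog severities by numeric code (RFC 5424); a lower code is more severe.
SEVERITIES = ["LOG_EMERG", "LOG_ALERT", "LOG_CRIT", "LOG_ERR",
              "LOG_WARNING", "LOG_NOTICE", "LOG_INFO", "LOG_DEBUG"]
# Facility codes with their usual Linux names (codes 12-15 are left out).
FACILITIES = {0: "kern", 1: "user", 2: "mail", 3: "daemon", 4: "auth",
              5: "syslog", 6: "lpr", 7: "news", 8: "uucp", 9: "cron",
              10: "authpriv", 11: "ftp",
              **{16 + i: f"local{i}" for i in range(8)}}
PRI_RE = re.compile(r"^<(\d{1,3})>")

def decode_pri(line):
    """Return (facility_name, severity_code) from the <PRI> header, or None."""
    m = PRI_RE.match(line)
    if not m:
        return None
    pri = int(m.group(1))          # PRI = facility * 8 + severity
    facility = FACILITIES.get(pri >> 3)
    return (facility, pri & 7) if facility else None

def is_collected(line, min_levels, default="LOG_DEBUG"):
    """Assumed semantics: keep events at the minimum level or more severe."""
    decoded = decode_pri(line)
    if decoded is None:
        return False               # no usable PRI header: treated as dropped here
    facility, severity = decoded
    return severity <= SEVERITIES.index(min_levels.get(facility, default))

# Constructed sample input, not real log data.
SAMPLE = [
    "<38>Jan 12 10:15:01 host1 sshd[912]: Accepted publickey for ops",  # auth, info
    "<34>Jan 12 10:15:07 host1 su: FAILED su for root on /dev/pts/1",   # auth, crit
    "<78>Jan 12 10:16:00 host1 CRON[1044]: (root) CMD (run-parts)",     # cron, info
    "<15>Jan 12 10:16:02 host1 app: cache warm-up finished",            # user, debug
    "Jan 12 10:16:03 host1 app: line without a PRI header",
]
# Hypothetical rule: two facilities raised, the rest left at the LOG_DEBUG default.
MIN_LEVELS = {"auth": "LOG_WARNING", "cron": "LOG_ERR"}

def collected(lines=SAMPLE, min_levels=MIN_LEVELS):
    return [l for l in lines if is_collected(l, min_levels)]

if __name__ == "__main__":
    for line in SAMPLE:
        print("KEEP" if is_collected(line, MIN_LEVELS) else "DROP", line)
```

With auth raised to LOG_WARNING, the informational successful-login line is dropped while the critical `su` failure is kept, so review which detections depend on lower-severity events before raising the level on a Facility.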