Config Log Processing Sub Configuration - Ingest Log from Syslog

Ingest Log From Syslog

Files read from Syslog are written to a folder or directory. You can use a log file from Syslog to create the Log Parser configuration. Select any file from the 10 most recent files. The file is truncated to the first 1000 lines to create the parser configuration.

1. Go to Infrastructure > Cloud Connector.
2. Select the Cloud Connector instance you want to configure. 
3. Click the Log Processing tab.
4. Click Add new Sub-Configuration.
5. Click Ingest Log From Syslog.

6. Click Configure Syslog. (For instructions, see Cloud Connector Config Syslog.)
   
7. Once uploaded, a preview of the default Log Parser settings displays. You can customize the Log Parser settings based on your log format. For details, see Settings to Parse the Log file.
8. Click Next.
9. On the Evaluate Parsed Result page, verify the parsed result. To modify any column, select the edit icon. For details, see Evaluate Parsed Result.
   
10. On the Map Required Log Fields page, review the list of attributes and make sure that the required fields are mapped to corresponding fields from the log file. To add or change the mapping of attributes, see Mapping Log Fields. Later, you can view the mapped log fields in the Preview section.
    
11. On the Validate Format page, review mapped formats for accuracy. Items in red must be mapped manually. For details, see Validate Mapped Formats.
    

12. On the Sub-Configuration page, you can edit, review, and save your configuration. For details, see Sub-Configuration.
13. Once the log parser configuration is saved, you can see the following successful message.
    
14. To run the Quality Check now for this parser configuration, click Run Quality Check. To run the Quality Check later, click Not Now.  To learn more, see Log Parser Quality Check.