Out of the Box Consolidation Policy
Predefined Consolidation Policy
The predefined, Out of the Box Consolidation Policy consists of 13 Consolidation Rules. Each Rule addresses a certain type of log (for example, alerts, blocked or broadcast logs) and specifies whether to ignore it or store it.
If a log is to be stored, the Rule specifies its Store Properties:
- As Is — all log fields are stored in the SmartReporter database and will be available for report generation without consolidation. This is the default storage option when a new rule is created.
- Consolidated — specify the following consolidation parameters:
  - Consolidation Interval — the interval at which logs matching this Rule are consolidated (for example, all logs generated within a 10 minute interval). Hourly intervals are measured.
Out of the Box Consolidation Rules
The following table describes the function of each Rule and specifies its Store Properties.
| Rule No. | Description | Cons. Interval |
|---|---|---|
| 1 | Consolidate and store alert logs. | 1 hour |
| 2 | Consolidate and store blocked (rejected or dropped) connection logs. | 1 hour |
| 3 | Consolidate and store approved HTTP connection logs. | 1 hour |
| 4 | Consolidate all SMTP logs. | 1 hour |
| 5 | Consolidate and store approved FTP logs. | 1 hour |
| 6 | Store all message logs. | none |
| 7 | By default, this Rule is inactive. If activated after adding the relevant groups, it filters out all broadcast message logs. | none |
| 8 | Ignore both approved and blocked bootp (Bootstrap Protocol, used to boot diskless systems) packet logs. | none |
| 9 | Ignore both approved and blocked nbdatagram logs. | none |
| 10 | Ignore both approved and blocked DNS logs. | none |
| 11 | Consolidate and store approved POP-3 logs. | 1 hour |
| 12 | Consolidate and store NTP logs. NTP is a time protocol that provides access over the Internet to systems with precise clocks. | 1 hour |
| 13 | Consolidate and store connections that do not match any of the previous Rules. | 1 hour |
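As an added illustration (not Check Point's code or documentation), the following Python model shows how a policy of this shape is applied to a batch of constructed logs: Rules are evaluated in order and the first match wins, ignored logs never reach the store, As Is logs keep every field, and consolidated logs collapse into one row per Rule, one-hour interval and source/destination/service with a count. The field names and the subset of Rules are assumptions.

```python
from collections import Counter
from datetime import datetime, timezone
# Constructed subset of the predefined policy, in evaluation order: the first
# matching rule wins, so rule 13 (no criteria) is the catch-all. Field names are
# assumptions; a set value means "any of these".
RULES = [
    (1, {"type": "alert"}, "consolidate", 3600),
    (2, {"action": {"reject", "drop"}}, "consolidate", 3600),
    (3, {"action": "accept", "service": "http"}, "consolidate", 3600),
    (6, {"type": "message"}, "store", None),
    (10, {"service": "dns"}, "ignore", None),
    (13, {}, "consolidate", 3600),
]
def matches(log, criteria):
    return all(log.get(f) in (v if isinstance(v, set) else {v})
               for f, v in criteria.items())
def first_rule(log):
    return next(rule for rule in RULES if matches(log, rule[1]))
def bucket_start(when, interval):
    secs = int(when.timestamp())  # UTC epoch seconds, so hour buckets align
    return secs - secs % interval
def consolidate(logs):
    """Apply the policy: returns (stored_as_is, Counter keyed by rule/interval/src/dst/service)."""
    stored, counts = [], Counter()
    for log in logs:
        rule_no, _, action, interval = first_rule(log)
        if action == "ignore":
            continue  # never written to the database
        elif action == "store":
            stored.append(log)  # every field kept
        else:  # per-event detail collapses into one row carrying a count
            key = (rule_no, bucket_start(log["time"], interval),
                   log.get("src"), log.get("dst"), log.get("service"))
            counts[key] += 1
    return stored, counts
def record(h, m, typ, action, src, dst, service):  # constructed sample log
    return {"time": datetime(2024, 1, 1, h, m, tzinfo=timezone.utc), "type": typ,
            "action": action, "src": src, "dst": dst, "service": service}
SAMPLE_LOGS = [
    record(10, 5, "traffic", "drop", "10.0.0.9", "10.0.0.1", "ssh"),      # rule 2
    record(10, 10, "alert", "accept", "10.0.0.5", "10.0.0.1", "http"),    # rule 1 before 3
    record(10, 20, "traffic", "accept", "10.0.0.5", "10.0.0.1", "http"),  # rule 3
    record(10, 40, "traffic", "accept", "10.0.0.5", "10.0.0.1", "http"),  # rule 3, same hour
    record(11, 2, "traffic", "accept", "10.0.0.5", "10.0.0.1", "http"),   # rule 3, next hour
    record(10, 12, "traffic", "accept", "10.0.0.5", "10.0.0.2", "dns"),   # rule 10: ignored
    record(10, 15, "message", None, None, None, None),                    # rule 6: as is
    record(10, 30, "traffic", "accept", "10.0.0.5", "10.0.0.1", "ssh"),   # rule 13
]
```

Running `consolidate(SAMPLE_LOGS)` on these eight records yields one As Is log and five consolidated rows covering six logs; the two 10:xx HTTP connections merge into a single row with a count of 2, while the 11:02 one starts a new interval.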