The Default SmartReporter Policy

In This Section:

Predefined SmartReporter Policy

Out of the Box Consolidation Rules

Predefined SmartReporter Policy

The predefined, Out of the Box SmartReporter Policy consists of 13 Consolidation Rules. Each Rule addresses a certain type of log (for example, alerts, blocked or broadcast logs) and specifies whether to ignore it or store it.

If a log is to be stored, the Rule specifies its Store Properties:

Out of the Box Consolidation Rules

The following table describes the function of each Rule and specifies its Store Properties.

| Rule No. | Description | Interval |
|---|---|---|
| 1 | Consolidate and store alert logs. | 1 hour |
| 2 | Consolidate and store blocked (rejected or dropped) connection logs. | 1 hour |
| 3 | Consolidate and store approved HTTP connection logs. | 1 hour |
| 4 | Consolidate all SMTP logs. | 1 hour |
| 5 | Consolidate and store approved FTP logs. | 1 hour |
| 6 | Store all message logs. | none |
| 7 | By default, this Rule is inactive. If activated after adding the relevant groups, it filters out all broadcast message logs. | none |
| 8 | Ignore both approved and blocked bootp (Bootstrap Protocol, used to boot diskless systems) packet logs. | none |
| 9 | Ignore both approved and blocked nbdatagram logs. | none |
| 10 | Ignore both approved and blocked DNS logs. | none |
| 11 | Consolidate and store approved POP-3 logs. | 1 hour |
| 12 | Consolidate and store NTP logs. NTP is a time protocol that provides access over the Internet to systems with precise clocks. | 1 hour |
| 13 | Consolidate and store connections that do not match any of the previous Rules. | 1 hour |