Loading...

Knowledge Center


McAfee SNS ProTip for SIEM Enterprise Security Manager and Event Receiver: Advanced Syslog Parser rule ordering on a Receiver
SNS Emails ID:   SNS1756
Last Modified:  12/6/2018

Body

At times, you might have to adjust the Advanced Syslog Parser (ASP) rule ordering on a Receiver. See the following Knowledge Base article for assistance with adjusting the rule ordering so that the most common rules in the view are also the first ASP rules checked on the Receiver:

KB90611 - Filter and Advanced Syslog Parser rule ordering information (https://kc.mcafee.com/corporate/index?page=content&id=KB90611)

This article assists you with ordering rules to improve overall performance on the Receiver. It is also useful when dealing with a busy data source. 
 
For more resources, visit the ServicePortal and search for related content.

SNS ProTips help you maximize your protection with troubleshooting, best practices, how-to tips, and links to Knowledge Center resources. 

To receive information about McAfee product updates, sign up for the Support Notification Service at https://sns.secure.mcafee.com/signup_login.

Original Send Date

December 6, 2018

Rate this document

Languages:

This article is available in the following languages:

English United States
Japanese

Beta Translate with

Select a desired language below to translate this page.

Glossary of Technical Terms


 Highlight Glossary Terms

Please take a moment to browse our Glossary of Technical Terms.