FAQ  
 

Why have more than one rule set?

Created on 2002-11-22 by Rainer Gerhards,
Updated on 2003-03-27 by Rainer Gerhards.

Multiple rule sets can be defined primarily for two purposes:

1. Multiple Syslog Servers with different functions

If multiple syslog servers/services are defined in WinSyslog, each one can be bound to a different rule set. For example, you could have one rule set for a PIX reporting via TCP and another for routers reporting via UDP. If these two syslog message sources have very different processing needs, it might be a good idea to create two rule sets. However, this mode is very uncommon and typically not needed; it is supported for customers who know they have an exact need for it.

2. As a test vehicle

If you are testing your configuration and would like to try out something new, you can create additional rule sets and leave the already tested rule set as is. Then, you simply change the rule set assigned to the syslog service to activate it. Using it this way is much more common. Please keep in mind that at a given time only one rule set will be active.

In general, multiple rule sets are not commonly used with WinSyslog. They are included in the product to provide additional options for the (few) users who need them. Typically, all work is done via a single rule set. This is possible because a single rule set can contain as many rules as you like. For example, if you would like to write received messages to a file and also generate email alerts for certain events, you can do so with a single rule set; you just need to include multiple rules. For more details on how rule sets work, you can watch our 12-minute online seminar.

Please note that if you configure a standard syslog server, only one rule set can be active at a time. This is because a standard service consists of only one syslog server service running on port 514/UDP, and one service can bind to only one rule set (which is not a limitation, as the rule set can be as complex as needed).

To activate a new rule set, go to the syslog server service and select the new rule set under "rule set to use". Be sure to restart the WinSyslog service after doing so. This activates the new rule set; keep in mind that the "old" rule set becomes deactivated.


Copyright © 1988-2005 Adiscon GmbH All rights reserved.