Example: filtering out irrelevant logs

This scenario shows an example of using Log Data Pruning to temporarily discard unnecessary logs.

Figure: Company B's network

Server A provides services to users in network X, as well as to Server B. The administrators are interested in tracking how many of the users in network X actually use Server A. Server B also connects frequently to Server A, and generates a large amount of traffic.

The administrators are only interested in connections from other hosts in network X to Server A. The administrators decide to temporarily eliminate logs related to Server B’s connections. All hosts in network X including Server B are currently logged according to a single rule. Creating a separate rule to handle Server B's connections with logging set to “None” would create unnecessary clutter in the policy. The administrators decide to set up log pruning to filter the logs so that only the relevant ones are stored on the Log Server. The administrators do the following:
  1. Select one of the irrelevant log entries in the Logs view.
  2. Create a temporary filter based on the log entry, and save the filter as a permanent filter.
  3. Add the new filter to the Discard Before Storing list in the Log Data Pruning view.