Create Log Source

post

https://localhost:8501/lr-admin-api/logsources/

Inserts a new log source if Id specified is -1, and then returns the LogRhythm generated log source Id.

* In case of non Flat File logsource type, WatchFileRenameOnRollover will always be set to true."

* While creating virtual log source, user will have to provide a valid virtualLogSourceParentId. In case of non virtual log source, virtualLogSourceParentId should be removed from the request body.

* The value of the eventLogFilter property must be in a valid XML format and it will be applicable only for windows event logsource type.

Recent Requests

Time	Status	User Agent
Retrieving recent requests…

Loading…

Body Params

The body of the log source, including all required attributes.

integer

-2147483648 to 2147483647

The Object Id generated by LogRhythm. Required for PUT operations (updates).

systemMonitorId

integer

required

-2147483648 to 2147483647

The Object Id generated by LogRhythm. Required for PUT operations (updates).

systemMonitorName

string

length ≤ 255

The name of the System Monitor agent.

name

string

required

length ≤ 200

The log message source name stored in the database.

host

object

required

entity

object

logSourceType

object

required

mpePolicy

object

required

shortDescription

string

length ≤ 255

A brief description of the component.

longDescription

string

length ≤ 2000

A full description of the component.

recordStatus

string

enum

A record status of retired or active.

Allowed:

status

string

enum

Status for enable, paused, or unregistered

Allowed:

isVirtual

boolean

enum

Defaults to false

Allowed:

logSourceIdentifiers

array of objects

logSourceIdentifiers

logMartMode

integer

isLoadBalanced

boolean

enum

Defaults to false

Allowed:

mpeProcessingMode

string

enum

required

The name of the available MPE processsing modes.

Allowed:

isArchivingEnabled

boolean

enum

Defaults to false

Allowed:

maxMsgCount

integer

1 to 50000

Defaults to 100

defMsgTTLValue

integer

dateUpdated

date-time

The date when the object was last modified. This is ignored when saving the records.

isSilentLogSourceEnabled

boolean

enum

Defaults to false

Allowed:

msgSourceDateFormatID

integer | null

filePath

string

cryptoMode

integer

signMode

integer

monitorStart

date-time | null

monitorStop

date-time | null

defMsgTTL

integer

defMsgArchiveMode

string

enum

Allowed:

msgPerCycle

integer

Defaults to 100

collectionDepth

integer | null

udlaConnectionString

string

udlaStateField

string

udlaStateFieldType

string

enum

Defaults to Increment

Allowed:

udlaStateFieldConversion

string

udlaQueryStatement

string

udlaOutputFormat

string

udlaUniqueIdentifier

string

udlaMsgDateField

string

udlaGetUTCDateStatement

string

parameter1

integer | null

parameter2

integer | null

parameter3

integer | null

parameter4

integer | null

parameter5

integer | null

parameter6

string

parameter7

string

parameter8

string

parameter9

string

parameter10

string

msgRegexStart

string

msgRegexDelimeter

string

msgRegexEnd

string

recursionDepth

integer

isDirectory

boolean

enum

Defaults to false

Allowed:

inclusions

string | null

exclusions

string | null

compressionType

string

enum

Defaults to none

Allowed:

udlaConnectionType

integer | null

collectionThreadTimeout

integer

0 to 600

Defaults to 120

virtualSourceRegex

string | null

virtualSourceSortOrder

integer | null

virtualSourceCatchAllID

integer | null

persistentConnection

boolean

enum

Defaults to false

Allowed:

autoAcceptanceRuleId

string

enum

Allowed:

maxLogDate

date-time

virtualLogSourceParentID

integer | null

virtualLogSourceName

string

watchFileRenameOnRollover

boolean

enum

Defaults to true

Allowed:

logSourceBeat

object

eventLogFilter

string | null

Responses

201Returns the newly created log source.

403A User without the correct permissions tried to create a new log source.

409A log source record already exists for the chosen name.