Log Collection Filters

Overview

Log Collection Filters in Log360 Cloud allow admins to control and streamline the log ingestion process by specifying which logs should be collected or excluded based on log source, log format, and custom-defined conditions. You can create filters for both device groups and cloud sources. This ensures that only relevant and necessary log data is processed, stored, and analyzed.

Filters support logical operators like AND and OR, allowing you to combine multiple criteria.

This page explains how to create, configure, and manage Log Collection Filters to help optimize storage usage, improve processing efficiency, and retain actionable, security-relevant data.

Creating a Log Collection Filter

1. Log in to your Log360 Cloud account.
2. Go to the Settings tab and select Admin.
3. In the left pane, navigate to Data Storage and click Log Collection Filters



4. Click + Add New Filter in the top right corner.



5. Enter a unique name for the filter in the Filter Name field.



6. In the Select Log Format drop-down menu, choose the appropriate log format.
NOTE Cloud sources can also be selected from the Log Format drop-down.
7. Click the icon to select Log Sources.
8. In the pop-up window, select the desired device groups or Cloud Sources. You can also use the Search Elements bar to locate specific sources.



9. Click OK to confirm your selection.
10. Using Filter Criteria, you can define the conditions that determine which logs should be collected or excluded. Choose one of the following options:
    • Exclude: Omit logs that match the specified criteria.
    • Collect Only: Include only logs that match the specified criteria.
    NOTE A filter can be configured to perform only one action, either Exclude or Collect Only. To apply both actions for the same set of devices or log sources, you must create two separate filters: one for exclusion and another for inclusion.



11. Click the icon to add additional filter criteria. You can combine multiple conditions using logical operators:
    • AND means all conditions in the group must be true for a log to match.
    • OR means at least one condition in the group must be true for a log to match.



12. To create advanced filters, click + Add Group to define multiple groups of conditions. Each group can be configured with its own set of criteria and logical operators.



13. Click Add to save the configurations.

Managing Log Collection Filters

To enable or disable a log collection filter:

1. In the Log Collection Filter page, select a filter from the list.
2. Click the icon to disable the filter.



3. To enable a filter, select a disabled filter and click the icon

To delete a filter:

1. Select the filter you want to remove.
2. Click the icon.



3. A confirmation pop-up will appear. Click Yes to confirm and permanently delete the filter.

To search for a filter:

1. Click the Search icon at the top-left corner of the filter table.
2. Enter the filter name in the search bar.



3. The table will automatically update to display filters that match the entered keyword.

To export a filter:

1. Select the filter you want to export.
2. Click the icon and choose Export.



3. The selected filter will be downloaded as an XML file.

To import filters:

1. Click the icon and select Import.
2. In the Import Filter Profile(s) pop-up, browse and select the XML file containing the filter profile.



3. Click Import to upload and apply it.

To edit an existing filter:

1. Click the icon next to the filter you want to update.



2. You can modify the Filter Name, Log Sources, and Filter Criteria.
NOTE You cannot edit the filter criteria of predefined filters. However, you can modify the associated device(s) or device group(s) in predefined filters.



3. Click Update to save the changes.