<p class="shortdesc">日志过滤是指符合过滤条件的日志不入库不保存，也不会进行解析。本文介绍如何新增日志过滤规则。</p> <section class="section prereq" id="logFilter__prereq_imd_tzl_rsb"><div class="tasklabel"><h2 class="doc-tairway">前提条件</h2></div> <p class="p">您已购买安全日志审计实例。</p> </section> <section><div class="tasklabel"><h2 class="doc-tairway">操作步骤</h2></div><ol class="ol steps"><li class="li step stepexpand"> <span class="ph cmd">登录<a class="xref" href="https://www.ocftcloud.com/console/log-audit" target="_blank" rel="external noopener">安全日志审计SLA控制台</a>，进入<span class="keyword wintitle">实例列表</span>页面。</span> </li><li class="li step stepexpand"> <span class="ph cmd">单击目标实例<span class="ph uicontrol"> 操作</span>列的<span class="ph uicontrol">管理</span>，进入安全日志审计控制台。</span> <div class="itemgroup info"> <img class="image" id="logFilter__d80e53" src="https://obs-cn-shanghai.ocftcloud.com/pacloud/20222803112057-1ecc508f988a.png" width="830"> </div> </li><li class="li step stepexpand"> <span class="ph cmd">在页面上边栏选择<span class="ph uicontrol">系统</span>，在左侧菜单栏选择<span class="ph menucascade"><span class="ph uicontrol">系统配置</span><abbr> > </abbr><span class="ph uicontrol">日志分析</span></span>，进入<span class="ph uicontrol">日志分析</span>页面。</span> </li><li class="li step stepexpand"> <span class="ph cmd">选择<span class="ph uicontrol">过滤</span>页签，根据以下信息，配置日志过滤规则，配置完成后单击<span class="ph uicontrol">保存</span>。</span> <div class="itemgroup info"> <div class="p"> <img class="image" id="logFilter__image_xzv_4nt_4sb" src="https://obs-cn-shanghai.ocftcloud.com/pacloud/20222803112056-18e3cc599f63.png" width="400"> </div> <table class="table" id="logFilter__table_sbv_5df_4sb"><caption></caption><colgroup><col><col></colgroup><thead class="thead"> <tr class="row"> <th class="entry colsep-1 rowsep-1" id="logFilter__table_sbv_5df_4sb__entry__1"> <p class="p"> 配置项 </p> </th> <th class="entry colsep-1 rowsep-1" id="logFilter__table_sbv_5df_4sb__entry__2"> <p class="p"> 说明 </p> </th> </tr> </thead><tbody class="tbody"> <tr class="row"> <td class="entry colsep-1 rowsep-1" headers="logFilter__table_sbv_5df_4sb__entry__1 "> <p class="p"> 是否启用 </p> </td> <td class="entry colsep-1 rowsep-1" headers="logFilter__table_sbv_5df_4sb__entry__2 "> <p class="p"> 选择是否启用日志过滤功能。 </p> </td> </tr> <tr class="row"> <td class="entry colsep-1 rowsep-1" headers="logFilter__table_sbv_5df_4sb__entry__1 "> <p class="p"> 条件 </p> </td> <td class="entry colsep-1 rowsep-1" headers="logFilter__table_sbv_5df_4sb__entry__2 "> <p class="p"> 设置日志过滤的条件，例如，“${severity}”表示事件级别。 </p> </td> </tr> <tr class="row"> <td class="entry colsep-1 rowsep-1" headers="logFilter__table_sbv_5df_4sb__entry__1 "> <p class="p"> 值 </p> </td> <td class="entry colsep-1 rowsep-1" headers="logFilter__table_sbv_5df_4sb__entry__2 "> <p class="p"> 日志过滤条件字段的值，例如：“1”表示过滤事件级别为1的日志。 </p> </td> </tr> </tbody></table> </div> </li><li class="li step stepexpand"> <span class="ph cmd">单击页面右上角的<span class="ph uicontrol">重启</span>按钮重启SOC服务，使配置生效。</span> </li></ol></section>