Retrieving Logs with a Particular Pattern Update Status

By default, Control Manager Syslog Forwarder retrieves logs with the following pattern update status:

  • Up-to-date

  • 1, 2, 3, 4, 5, and 6 versions old

You can configure Syslog Forwarder to only retrieve a particular status.

  1. Go to the Control Manager root folder.

    C:\Program Files\Trend Micro\Control Manager or

    C:\Program Files (x86)\Trend Micro\Control Manager

  2. Open DataSource_Localhost.ini using a text editor.
  3. Go to the [pattern_updated_status] section, search for the ComponentStatus string and then set one or several values.

    1 = Up-to-date

    2 = 1 version old

    3 = 2 versions old

    4 = 3 versions old

    5 = 4 versions old

    6 = 5 versions old

    7 = 6 versions old

    For example:

    [pattern_updated_status]

    event_id=800101

    enable=0

    ComponentStatus=1,2,3,4

  4. Save and close the file.