![]() ![]() ![]() |
You can use the database filters, to filter out the unwanted events from your hosts, from getting stored in the database. By this you can save the hard drive space.
For example, if you want to reject/ filter out the events with the Event ID 1001, in the database filters, choose the Event ID: box and enter 1001. If you are not aware of the Event ID(s), kindly uncheck the events that you do not want to get stored. For example, if you do not want the Information type of events, unselect the Information check box. This will reject all the Information type of events for the host(s) that you choose in the database filters wizard.
Click the Database Filters option in the Settings tab, to apply specific event filters on the data collected and stored in the database. With this option, you can store only the necessary event logs in the database, making it easier to search for particular events, and optimizing the capacity of the database. Clicking the option will open the Filter Details page. The page contains a menu bar and list of filters available.
The menu bar contains the following menu:
There will be no hosts configured for the imported filter profiles. You have to edit the filter profile to configure the hosts.
The Database Filters option lists all the filters created so far, with the
option to add more. Click the icon
to disable the filter. This is a toggle icon, so click it again to enable the
filter. Click the
icon to Edit the Database Filter. Click the
icon to delete the filter. The list also shows the filter type, hosts and host groups for
which the filter has been set up.
Click on New Filter to create a new database filter.
Multiple values can be entered in the text boxes separated by commas.
The event types are:
- Application
- Security
- System
- DNS Server
- File Replication Service
- Directory Service
Select the severity of events which needs to be filtered, from the list of severity in the Event Severity row.
The event severity are:
- Information
- Success
- Error
- Failure
- Warning
Any combination of event type and severity is possible and select the appropriate check boxes provided in a matrix format.
The unselected event type and severity will be dropped.
The event types are:
- kernel
- user
- daemon
- auth
- syslog
- lpr
- news
- uucp
- cron1
- authpriv
- ftp
- ntp
- logAudit
- logAlert
- cron2
- local0
- local1
- local2
- local3
- local4
- local5
- local6
- local7
Unselect the severity of events for which needs to be filtered, from the list of severity in the Event Severity row.
The event severity are:
- Emergency
- Alert
- Critical
- Error
- Warning
- Notice
- Information
- Debug
Any combination of event type and severity is possible and select the appropriate check boxes provided in a matrix format.
In the Edit Hosts tab you can add or remove hosts from this DB Filter. In the Edit Criteria tab you can modify the Event Type, Event Severity, Event ID, or Message Filters for the Filters for Windows Hosts and/or Filters for Unix Hosts. Click Save once the required modifications have been done in Edit Hosts tab or Edit Criteria tab or in both tabs.
![]() ![]() ![]() |