Defining Database Filters


Use database filters to keep unwanted events from your hosts from being stored in the database. This saves hard drive space.

For example, to reject (filter out) events with the Event ID 1001, choose the Event ID: box in the database filters and enter 1001. If you do not know the Event ID(s), uncheck the events that you do not want stored. For example, if you do not want Information events, clear the Information check box. This rejects all Information events for the host(s) that you choose in the database filters wizard.

 

Click the Database Filters option in the Settings tab to apply specific event filters to the data collected and stored in the database. With this option you can store only the necessary event logs in the database, which makes it easier to search for particular events and optimizes the capacity of the database. Clicking the option opens the Filter Details page. The page contains a menu bar and the list of available filters.

The menu bar contains the following menu:

Tip: No hosts are configured for imported filter profiles. You have to edit the filter profile to configure the hosts.

 

Managing Database Filters

The Database Filters option lists all the filters created so far, with the option to add more. Click the Enabled icon to disable the filter. This is a toggle icon, so click it again to enable the filter. Click the Edit DB Filter icon to edit the database filter. Click the Delete icon to delete the filter. The list also shows the filter type, hosts and host groups for which the filter has been set up.

 

Creating a New Database Filter

Click on New Filter to create a new database filter.

  1. Provide a Filter Name.
  2. Two tabs, Basic Options and Advanced, provide the options for filtering messages.
    1. Basic Options tab
      In the basic option, when multiple values are entered, all the values are considered for filtering events.
      • Use the Drop the Logs containing text box to drop the logs containing the message(s).
      • Use the Except text box to exclude an event with a specific event log message.
      • Use the Event Source text box to filter out events received from a specific event log source.
      • Use the User text box to filter out events received for a specific user. This field is effective only for Security (Important) events.

      Multiple values can be entered in the text boxes separated by commas.

    2. Advanced tab
      In the advanced option, when multiple values are entered, any of the values or all the values are considered for filtering events, depending on whether the Match Any or Match All radio button is selected.
      • The Drop the Logs containing text box, which drops the logs containing the message(s), has Match Any and Match All radio buttons.
      • The Except text box, which excludes events with a specific event log message from being filtered out, has Match Any and Match All radio buttons.
      • Use the Event Source text box to filter out events received from a specific event log source.
      • Use the User text box to filter out events received for a specific user. This field is effective only for Security (Important) events.
      Multiple values can be entered in the text boxes separated by commas.
  3. Select the Windows tab for the Windows Hosts Filters and the Syslog tab for Unix Hosts Filters.
    1. Windows tab
      • To filter based on Windows Event ID, select the By Event ID option and provide the Event IDs (use a comma ',' to separate multiple Event IDs).
      • To filter based on Event Type and Event Severity, select the By Type / Severity option. Select the types of events that need to be filtered from the list of events under the Event Type column.
      • The event types are:

        1. Application
        2. Security
        3. System
        4. DNS Server
        5. File Replication Service
        6. Directory Service

         

        Select the severity of events that need to be filtered from the list of severities in the Event Severity row.

        The event severities are:

        1. Information
        2. Success
        3. Error
        4. Failure
        5. Warning

        Any combination of event type and severity is possible. Select the appropriate check boxes, which are provided in a matrix format.

        The unselected event types and severities will be dropped.

    2. Syslog tab
      • Unselect the types of events that need to be filtered from the list of events under the Event Type column.
      • The event types are:

        1. kernel
        2. user
        3. mail
        4. daemon
        5. auth
        6. syslog
        7. lpr
        8. news
        9. uucp
        10. cron1
        11. authpriv
        12. ftp
        13. ntp
        14. logAudit
        15. logAlert
        16. cron2
        17. local0
        18. local1
        19. local2
        20. local3
        21. local4
        22. local5
        23. local6
        24. local7

         

        Unselect the severity of events that need to be filtered from the list of severities in the Event Severity row.

        The event severities are:

        1. Emergency
        2. Alert
        3. Critical
        4. Error
        5. Warning
        6. Notice
        7. Information
        8. Debug

        Any combination of event type and severity is possible. Select the appropriate check boxes, which are provided in a matrix format.

  4. Click Next.
  5. Choose the hosts and/or host groups on which the filter needs to be applied.
  6. Click Finish to create and activate this database filter.
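
Because a dropped event is never stored, it helps to check what a filter would discard before activating it. The sketch below is an added example, not ManageEngine code: it models a Syslog-tab filter by decoding each line's PRI into the event type and severity names listed above, then applying the check-box matrix and the Advanced-tab Drop/Except terms. Assumptions: terms match as case-insensitive substrings, an unselected matrix cell or a Drop match each causes a drop on its own, and all function names are hypothetical.

```python
import re

# Names in the order the Syslog tab lists them; the list index is the
# numeric facility/severity code carried in the syslog PRI (RFC 3164/5424).
FACILITIES = ["kernel", "user", "mail", "daemon", "auth", "syslog", "lpr",
              "news", "uucp", "cron1", "authpriv", "ftp", "ntp", "logAudit",
              "logAlert", "cron2"] + [f"local{i}" for i in range(8)]
SEVERITIES = ["Emergency", "Alert", "Critical", "Error", "Warning",
              "Notice", "Information", "Debug"]
PRI_RE = re.compile(r"^<(\d{1,3})>(.*)$", re.S)

def decode(line):
    """Return (event type, severity, message) for a raw syslog line."""
    m = PRI_RE.match(line)
    if not m or int(m.group(1)) > 191:
        raise ValueError("missing or out-of-range PRI")
    pri = int(m.group(1))          # PRI = facility * 8 + severity
    return FACILITIES[pri // 8], SEVERITIES[pri % 8], m.group(2)

def contains(message, terms, mode):
    """Match Any / Match All over comma-separated terms (assumed semantics)."""
    wanted = [t.strip().lower() for t in terms.split(",") if t.strip()]
    hits = [t in message.lower() for t in wanted]
    return bool(wanted) and (any(hits) if mode == "any" else all(hits))

def is_dropped(line, selected, drop="", drop_mode="any",
               except_="", except_mode="any"):
    """True if the modelled filter would keep this line out of the database."""
    event_type, severity, message = decode(line)
    if (event_type, severity) not in selected:   # unselected matrix cell
        return True
    if contains(message, drop, drop_mode):       # Drop term hit ...
        return not contains(message, except_, except_mode)  # ... unless Except hits
    return False

def dry_run(lines, selected, **criteria):
    """Apply the modelled filter to every line; returns a list of booleans."""
    return [is_dropped(line, selected, **criteria) for line in lines]

# Constructed sample lines, not taken from a real host.
SAMPLES = [
    "<86>sshd[811]: Accepted password for alice from 192.0.2.10",  # authpriv
    "<34>su: FAILED su for root by bob",                           # auth
    "<78>CRON[402]: (root) CMD (run-parts /etc/cron.hourly)",      # cron1
    "<30>dhclient: DHCPREQUEST on eth0 renew lease",               # daemon
    "<27>dhclient: renew lease failed on eth0",                    # daemon
]
# Matrix with every check box selected except the cron1 row.
SELECTED = {(f, s) for f in FACILITIES if f != "cron1" for s in SEVERITIES}
```

Calling `dry_run(SAMPLES, SELECTED, drop="renew lease", except_="failed")` marks the cron1 line and the routine lease renewal as dropped, while the failed renewal and both authentication lines are kept.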

 

Editing Database Filters

In the Edit Hosts tab you can add or remove hosts from this DB Filter. In the Edit Criteria tab you can modify the Event Type, Event Severity, Event ID, or Message Filters for the Filters for Windows Hosts and/or Filters for Unix Hosts. Click Save once you have made the required modifications in the Edit Hosts tab, the Edit Criteria tab, or both.

 

 

Copyright © 2012, ZOHO Corp. All Rights Reserved.
ManageEngine