Defining Database Filters
You can use database filters to keep unwanted events from your hosts from being stored in the database. This saves hard drive space.
For example, to filter out events with the Event ID 1001, choose the Event ID: box in the database filters and enter 1001. If you do not know the Event ID(s), uncheck the events that you do not want stored. For example, if you do not want Information type events, unselect the Information check box. This rejects all Information type events for the host(s) that you choose in the database filters wizard.
Click the Database Filters option in the Settings tab to apply specific event filters to the data collected and stored in the database. With this option, you can store only the necessary event logs in the database, making it easier to search for particular events and optimizing the capacity of the database. Clicking the option opens the Filter Details page. The page contains a menu bar and a list of the available filters.
The menu bar contains the following menus:
- New Filter - Click this menu to create a new database filter.
- Delete Filter - Select the check boxes of filters to be deleted and click this menu.
- Export Profiles - Select the check boxes of filter profiles to be exported and click this menu. The profile will be downloaded as an XML file (EventLogAnalyzer_Profiles.xml) to your client machine through your browser.
- Import Profiles - Click this menu to import filter profiles. The Import Profiles screen pops up, with a File Location text box and a Browse button beside it. Enter the location of the XML file (EventLogAnalyzer_Profiles.xml) or use the Browse button to locate it. Click the Import button to import the profiles into the EventLog Analyzer server, or the Cancel button to cancel the import. If a filter already exists in EventLog Analyzer, clicking Import lists the Failed To Import option and the existing filters with check boxes, along with an Over Write button and a Cancel button to cancel the import. Select the check boxes of the filters to overwrite and click the Over Write button.
There will be no hosts configured for the imported filter profiles. You have to edit the filter profile to configure the hosts.
Managing Database Filters
The Database Filters option lists all the filters created so far, with the option to add more. Click the disable icon to disable the filter. This is a toggle icon, so click it again to enable the filter. Click the edit icon to edit the database filter. Click the delete icon to delete the filter. The list also shows the filter type, hosts and host groups for which the filter has been set up.
Creating a New Database Filter
Click on New Filter to create a new database filter.
- Provide a Filter Name.
- Two tabs, Basic Options and Advanced, give you two ways to filter the messages.
- Basic Options tab
In the basic option, when multiple values are entered, all the values are considered for filtering events.
- The Drop the Logs containing text box drops the logs containing the message(s).
- The Except text box excludes an event with a specific event log message.
- The Event Source text box filters out events received from a specific event log source.
- The User text box filters out events received for a specific user. This field is effective only for Security (Important) events.
Multiple values can be entered in the text boxes, separated by commas.
- Advanced tab
In the advanced option, when multiple values are entered, any of the values or all the values are considered for filtering events, depending on the selection of the Match Any or Match All radio buttons.
- The Drop the Logs containing text box has Match Any and Match All radio buttons, and drops the logs containing the message(s).
- The Except text box has Match Any and Match All radio buttons, and excludes events with a specific event log message from being filtered out.
- The Event Source text box filters out events received from a specific event log source.
- The User text box filters out events received for a specific user. This field is effective only for Security (Important) events.
Multiple values can be entered in the text boxes, separated by commas.
- Select the Windows tab for the Windows Hosts Filters and the Syslog tab for the Unix Hosts Filters.
- Windows tab
- To filter based on Windows Event ID, select the By Event ID option and provide the Event IDs (use a comma ',' to separate multiple Event IDs).
- To filter based on Event Type and Event Severity, select the By Type / Severity option. Select the types of events that need to be filtered from the list of events under the Event Type column.
The event types are:
- Application
- Security
- System
- DNS Server
- File Replication Service
- Directory Service
Select the severity of events that need to be filtered from the list of severities in the Event Severity row.
The event severities are:
- Information
- Success
- Error
- Failure
- Warning
Any combination of event type and severity is possible; select the appropriate check boxes, which are provided in a matrix format.
The unselected event types and severities will be dropped.
- Syslog tab
- Emergency
- Alert
- Critical
- Error
- Warning
- Notice
- Information
- Debug
Any combination of event type and severity is possible; select the appropriate check boxes, which are provided in a matrix format.
- Click Next.
- Choose the hosts and/or host groups on which the filter needs to be applied.
- Click Finish to create and activate this database filter.
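The Match Any / Match All and Except behaviour described for the Advanced tab, as an added example (not EventLog Analyzer's own code): a dry-run model that shows which constructed sample events a message filter would keep out of the database before the filter is activated. The `MessageFilter` structure, the case-insensitive substring matching and the sample events are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass
class MessageFilter:
    """Model of the Advanced tab's message criteria (hypothetical structure)."""
    drop_terms: str            # comma-separated, as typed in "Drop the Logs containing"
    drop_mode: str = "any"     # "any" = Match Any, "all" = Match All
    except_terms: str = ""     # comma-separated, as typed in "Except"
    except_mode: str = "any"

def _split(values):
    # The text boxes accept multiple values separated by commas.
    return [v.strip().lower() for v in values.split(",") if v.strip()]

def _matches(message, terms, mode):
    # Assumption: case-insensitive substring match on the event message.
    if not terms:
        return False
    hits = (t in message.lower() for t in terms)
    return all(hits) if mode == "all" else any(hits)

def is_dropped(flt, message):
    """True if the event would be kept out of the database under this model."""
    if not _matches(message, _split(flt.drop_terms), flt.drop_mode):
        return False
    # An "Except" match excludes the event from being filtered out.
    return not _matches(message, _split(flt.except_terms), flt.except_mode)

def dry_run(flt, events):
    """Return the (event_type, message) pairs the filter would discard."""
    return [e for e in events if is_dropped(flt, e[1])]

# Constructed sample events: (event type, message).
SAMPLE_EVENTS = [
    ("Application", "Service heartbeat: status OK"),
    ("Security", "An account failed to log on. Status OK not returned"),
    ("System", "Disk heartbeat timeout"),
    ("Security", "Audit log was cleared"),
]

if __name__ == "__main__":
    noisy = MessageFilter("heartbeat, status ok", "any", "failed to log on", "any")
    for etype, msg in dry_run(noisy, SAMPLE_EVENTS):
        print(f"DROP [{etype}] {msg}")
```

Running the same drop terms without the Except value shows the failed-logon Security event being discarded as well, which is the kind of result to check for before applying a broad Match Any filter to hosts.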
Editing Database Filters
In the Edit Hosts tab you can add or remove hosts from this DB Filter. In the Edit Criteria tab you can modify the Event Type, Event Severity, Event ID, or Message Filters for the Filters for Windows Hosts and/or Filters for Unix Hosts. Click Save once the required modifications have been made in the Edit Hosts tab, the Edit Criteria tab, or both.
Copyright © 2012, ZOHO Corp. All Rights Reserved. ManageEngine