IPSENTRY Version 4
 


NT Event Log Monitor - Event Entry Filters


When you select "Add" or "Modify" from the Event Log Configuration window, you will be presented with the Event Filter Configuration window.

This window contains the fields used to decide which events are included in or excluded from the evaluation of the log files. They are defined as follows:

Include
Selecting this option signifies that events matching the configuration should be considered as matching events and should trigger an alert so long as the event does not match any of the Exclude filters.

Exclude
Once an event is found that matches an Include filter, the event will be evaluated against any Exclude filters.  If the event matches an exclude filter, it will be ignored.

Event Source
Select the source of the event. You can find this value in the Windows Event Viewer, in the Source column of the event you wish to evaluate.

Event Type
The event type is a bitmapped value that denotes the classification of the event, such as Information, Warning, Error, Audit Success or Audit Failure.

Event ID List
This field may contain a single Event ID number or a comma-separated list of Event ID numbers that are acceptable for this entry. To consider ALL event ID numbers, enter -1 in this field.

Example: 
An entry of 538,528 in this field would signify that only events with event ID 538 or 528 are acceptable.

Category ID List
Similar to the Event ID List, this field may contain a single Category ID number or a comma-separated list of Category ID numbers that are acceptable for this entry. Category ID numbers are specific to the application that generates the event. To consider ALL category ID numbers, enter -1 in this field.

Usernames
Each event contains the account name of the user that logged the event. You can filter events on one or more usernames by entering the user name(s) in this field, separated by commas. Leave this field blank to consider events logged by any user.

Example: 
An entry of SYSTEM, Administrator, ANONYMOUS would cause the add-in to evaluate only events logged by these users. User names are given in the form DOMAIN\Username.

Note that accounts such as SYSTEM may be returned as "\SYSTEM", with no domain prefix.

Event Description Contains
The text in this field is compared against the message text of the event log entry.

Note: Depending on where an application stores its message information, the message text may not be available. Some applications keep common message strings in message files located on the remote computer; because of security and path limitations, these files may not be accessible, and so some data may not be available to the event log add-in. Fortunately, most operating system events contain the necessary information.
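The following Python is an added example, not IPSentry's own code (the add-in's internal logic is not published on this page). It models the filter semantics described above: comma-separated ID lists with -1 as the wildcard, a bitmask for Event Type, a blank Usernames field meaning any user, substring matching for the description, and the Include-then-Exclude evaluation order, including the "\SYSTEM" form from the note. The field names, the sample events and the filter rows are constructed for illustration; the EVENTLOG_* constants are the Win32 event type flags.

```python
from dataclasses import dataclass
from typing import List, Optional, Set

# Win32 event type flags (the "bitmapped value" the Event Type field refers to).
EVENTLOG_ERROR_TYPE = 0x0001
EVENTLOG_WARNING_TYPE = 0x0002
EVENTLOG_INFORMATION_TYPE = 0x0004
EVENTLOG_AUDIT_SUCCESS = 0x0008
EVENTLOG_AUDIT_FAILURE = 0x0010
ALL_TYPES = 0x001F


@dataclass
class Event:
    """One log entry as the add-in would read it (constructed shape)."""
    source: str
    event_type: int        # exactly one EVENTLOG_* flag
    event_id: int
    category: int
    user: str              # as returned by the log: "DOMAIN\\Username" or "\\SYSTEM"
    description: str


@dataclass
class EventFilter:
    """One row of the Event Filter Configuration window (hypothetical field names)."""
    include: bool                     # True = Include filter, False = Exclude filter
    source: Optional[str] = None      # None = any source
    type_mask: int = ALL_TYPES        # bitmask of accepted EVENTLOG_* flags
    event_ids: str = "-1"             # comma-separated; -1 = all IDs
    category_ids: str = "-1"          # comma-separated; -1 = all categories
    usernames: str = ""               # comma-separated; blank = any user
    description_contains: str = ""    # blank = no description test


def parse_id_list(text: str) -> Optional[Set[int]]:
    """'538,528' -> {538, 528}; '-1' (or blank) means ALL and returns None."""
    items = [t.strip() for t in text.split(",") if t.strip()]
    if not items or "-1" in items:
        return None
    return {int(t) for t in items}


def normalize_user(name: str) -> str:
    """Case-insensitive compare; drop a bare leading backslash so the
    '\\SYSTEM' form mentioned in the note matches a filter entry of SYSTEM."""
    return name.strip().lstrip("\\").casefold()


def matches(f: EventFilter, ev: Event) -> bool:
    """True when the event satisfies every populated field of one filter row."""
    if f.source is not None and f.source.casefold() != ev.source.casefold():
        return False
    if not (f.type_mask & ev.event_type):
        return False
    ids = parse_id_list(f.event_ids)
    if ids is not None and ev.event_id not in ids:
        return False
    cats = parse_id_list(f.category_ids)
    if cats is not None and ev.category not in cats:
        return False
    users = {normalize_user(u) for u in f.usernames.split(",") if u.strip()}
    if users and normalize_user(ev.user) not in users:
        return False
    needle = f.description_contains.casefold()
    if needle and needle not in ev.description.casefold():
        return False
    return True


def should_alert(filters: List[EventFilter], ev: Event) -> bool:
    """Page semantics: alert only if some Include row matches and no Exclude row does."""
    if not any(matches(f, ev) for f in filters if f.include):
        return False
    return not any(matches(f, ev) for f in filters if not f.include)


# Constructed sample data. IDs 528/538 and the user list come from the page's
# examples; sources, categories and descriptions are made up for illustration.
SAMPLE_FILTERS = [
    EventFilter(include=True, source="Security",
                type_mask=EVENTLOG_AUDIT_SUCCESS | EVENTLOG_AUDIT_FAILURE,
                event_ids="538,528"),
    EventFilter(include=True, source="Application", type_mask=EVENTLOG_ERROR_TYPE),
    EventFilter(include=False, usernames="SYSTEM, Administrator, ANONYMOUS",
                description_contains="Logoff"),
]

SAMPLE_EVENTS = [
    Event("Security", EVENTLOG_AUDIT_SUCCESS, 528, 2, "CORP\\jdoe", "Successful Logon"),
    Event("Security", EVENTLOG_AUDIT_SUCCESS, 538, 2, "\\SYSTEM", "User Logoff"),
    Event("Security", EVENTLOG_AUDIT_FAILURE, 529, 2, "CORP\\jdoe", "Logon Failure"),
    Event("Application", EVENTLOG_ERROR_TYPE, 1000, 0, "\\SYSTEM", "Faulting application"),
]


def evaluate_all():
    """Run the sample filter set over the sample events: [(event_id, alerts?), ...]."""
    return [(ev.event_id, should_alert(SAMPLE_FILTERS, ev)) for ev in SAMPLE_EVENTS]


if __name__ == "__main__":
    for event_id, alert in evaluate_all():
        print(f"event {event_id}: {'ALERT' if alert else 'ignored'}")
```

Running the sample shows the evaluation order at work: the 538 logoff by \SYSTEM passes the Include row but is dropped by the Exclude row, while the Application error logged by \SYSTEM still alerts because its description does not contain "Logoff", so the Exclude row does not match it.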

 


Contact: support@ipsentry.com  http://www.ipsentry.com
©1997-2003 by RGE, Inc. - All Rights Reserved
IPSentry® is a registered trademark of RGE, Inc.