FAQ

Discarding non-matching Events

Created on 2001-06-05 by Rainer Gerhards.

Question: I have set up filter rules in EventReporter to forward events I am interested in. I am receiving these events, but do also receive all other events from that log. How can this be fixed?

Answer: The reason for all events being reported is that if no filter matches, the event is reported. This mode of operation is chosen because many customers want to filter out some specific events while receiving all others.

To meet your needs, simply create a new filter at the end. Leave all criteria (source, type, category, ...) blank. Set the action to off. That filter will match all other events and discard them. As it is the last filter, it will only apply if no other one matches. So if you would like to receive additional events in the future, be sure to define their filters BEFORE the "drop all" filter. It should always remain at the end of the list.

This screenshot shows a sample configuration:

Please note the selected rule 3. It hast the Action set to Off (discard) and also does not specifically name any filter details - so it matches all events that did not match rule number1 and 2.

HomeProduct InfoGeneral InformationMonitorWare ProductsEdition ComparisonOrder and PricingUpgrade Insurance InfoNews ReleasesVersion HistoryProduct TourScreenshotsDownloadReference libraryGeneral InformationStep-by-step guidesAllInstallation and ConfigurationServices relatedActions relatedCentral MonitoringCommon UsesCentralized monitoringSecurity ReferenceHelpSupportManualFAQAllGeneral questionsInstallation and updatesEventReporter 6.x specificArticlesSeminars OnlineAllGeneralEventReporter relatedOrder & pricingOrder nowEditionsPricing InformationUpgrade Insurance InfoLocal ResellerContact UsSearch

Printer Version Send this page to a friend