Navigation:  Event Log Monitoring > Event Log Alerts >

Local Filters

With the introduction of Filter Packages in version 2.70 of EventSentry, Local Filters are no longer supported. Instead, you can use one or more filter packages to emulate the behavior of Local Filters.

One Package per Computer

If you have multiple computers that each require a unique set of filters then you can create a filter package for each of those computers and assign the respective filter package to the computer in question. Since the filters in that package will only be processed by the computer the package is assigned to, this configuration is similar to the Local Filter feature found in earlier versions of EventSentry. Yet, it gives you the ability to centrally manage the configuration.

One Package for all Computers

Instead of creating one package for each computer (which might not be ideal if you have a large number of computers), you can also create one filter package (e.g. named "Local Filters") and add multiple filters to this one package.

To make sure that a filter inside the package only applies to one computer, specify the computer name in the "Computer" field of the filter. This ensures that the filter will only be processed by the computer specified in this field. The screenshots below show this better:

In the example above, the filters are grouped into folders, whereas each computer (or multiple computers in the case of SRV-FILE-*) has its own folder. The filter itself is always associated with one or more computers.

You can assign this package then either to the computers in question, or make the package global. Making this package global is possible since the filters will only be processed on those computers where the computer name matches the "Computer" field in the filter.