Advanced Text Processing

Comma Separated Values (Event Log Filters only)

You can separate multiple values with a comma to avoid creating multiple filters. Combine all the values the field should match with commas, and do not put a space before or after the comma. For example:

 

Print,MrxSmb

 

All fields in the "Details" section and the "Filter Text" field support this feature.

 

Negation Symbol (Event Log Filters only)

You can negate a value by prepending it with an exclamation mark. For example, to match all events except those with the source Print, you could use the following:

 

!Print

Do not combine regular values (values without the negation character) and values with a negation character (e.g. "!Print,MrxSmb" is not supported). All fields in the "Details" section support this feature.

 

Wildcard Feature

When Wildcard Support is activated in the global options, the following filter fields support wildcards:

 

Event Log Filters

1.        Event Source

2.        Category

3.        Username

4.        Filter Text

5.        Computer

 

Service Monitoring

1.        Included/Excluded Service

 

Tracking Features

1.        Included/Excluded Process

2.        Included/Excluded Logons

3.        Included/Excluded Print Jobs

 

The wildcards * and ? are currently supported.

 

*        matches zero or more occurrences of any character
?        matches one occurrence of any character

 

Note: Filter strings, whether containing wildcards or not, are never case sensitive.

 

Examples

 

Filter with wildcard             Matches string
ipx*                             IPXCP
                                 IPXRIP
                                 IPXRouterManager
                                 IPXSAP
*iptables*proto=??p*dpt=13*      syslog@netikus-router[kern.debug]:  kernel: IPTABLES INPUT: IN=ppp0 OUT= MAC= SRC=65.35.223.155 DST=65.41.63.146 LEN=48 TOS=0x00 PREC=0x00 TTL=114 ID=54221 DF PROTO=TCP SPT=1429 DPT=135 WINDOW=64240 RES=0x00 SYN URGP=0
VMnet*                           VMnetAdapter
                                 VMnetBridge
                                 VMnetDHCP
                                 VMnetuserif
*rip*                            IPRIP2
                                 IPXRIP

 

Important Notice when updating from versions prior to 2.20: A wildcard filter like "ipx" will only match a string like "IPXRouterManager" if wildcard support is not activated. If wildcard support is activated, you will need to include the asterisk: "ipx*".
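The following Python is an added example, not part of the EventSentry documentation or product. It models how a single filter field is evaluated under the rules described on this page: comma-separated alternatives with no surrounding spaces, a leading exclamation mark for negation (a list that mixes negated and plain values is rejected), and the wildcards * and ? matched case-insensitively against the whole string. Two points are assumptions rather than documented behaviour: that with wildcard support off a value matches when it occurs anywhere in the string (the reading of the pre-2.20 note that lets "ipx" match "IPXRouterManager"), and that a field consisting only of negated values matches when none of them matches. The sample strings are taken from the Examples table above.

```python
import re

# Sample string copied from the "Examples" table on this page (a syslog line
# forwarded to the event log); the shorter sample strings come from the same table.
SAMPLE_SYSLOG = ("syslog@netikus-router[kern.debug]:  kernel: IPTABLES INPUT: IN=ppp0 OUT= "
                 "MAC= SRC=65.35.223.155 DST=65.41.63.146 LEN=48 TOS=0x00 PREC=0x00 TTL=114 "
                 "ID=54221 DF PROTO=TCP SPT=1429 DPT=135 WINDOW=64240 RES=0x00 SYN URGP=0")


def wildcard_to_regex(pattern: str) -> "re.Pattern[str]":
    """Translate an EventSentry-style wildcard string into an anchored regex.

    Only '*' (zero or more of any character) and '?' (exactly one character)
    are wildcards; every other character is matched literally, so a '.' or
    '[' inside a filter cannot change the match. Matching is case-insensitive,
    as the page states for all filter strings.
    """
    parts = []
    for ch in pattern:
        if ch == "*":
            parts.append(".*")
        elif ch == "?":
            parts.append(".")
        else:
            parts.append(re.escape(ch))
    return re.compile("^" + "".join(parts) + "$", re.IGNORECASE | re.DOTALL)


def value_matches(value: str, text: str, wildcards: bool) -> bool:
    """Match one filter value (no comma, no leading '!') against a string."""
    if wildcards:
        return wildcard_to_regex(value).match(text) is not None
    # Assumption: with wildcard support off, a value matches when it occurs
    # anywhere in the string (how "ipx" can match "IPXRouterManager").
    return value.lower() in text.lower()


def filter_matches(field_value: str, text: str, wildcards: bool = True) -> bool:
    """Evaluate a complete filter field against a string.

    field_value follows the page's syntax: alternatives separated by commas
    with no surrounding spaces, and an optional leading '!' to negate. Mixing
    negated and plain values is rejected, as the page says it is unsupported.
    """
    values = field_value.split(",")  # split exactly on ',', no trimming of spaces
    negated = [v.startswith("!") for v in values]
    if any(negated) and not all(negated):
        raise ValueError("cannot mix negated and plain values in one field: %r" % field_value)
    if all(negated):
        # Assumption: a field made only of negated values matches when none
        # of them matches the string.
        return not any(value_matches(v[1:], text, wildcards) for v in values)
    return any(value_matches(v, text, wildcards) for v in values)


def check_page_examples() -> dict:
    """Re-run the page's examples and the pre-2.20 upgrade note; returns each result."""
    return {
        "ipx*->IPXRouterManager": filter_matches("ipx*", "IPXRouterManager"),
        "iptables->syslog": filter_matches("*iptables*proto=??p*dpt=13*", SAMPLE_SYSLOG),
        "VMnet*->VMnetuserif": filter_matches("VMnet*", "VMnetuserif"),
        "*rip*->IPRIP2": filter_matches("*rip*", "IPRIP2"),
        # The upgrade note: "ipx" alone only matches when wildcards are off.
        "ipx->IPXRouterManager (wildcards on)": filter_matches("ipx", "IPXRouterManager"),
        "ipx->IPXRouterManager (wildcards off)": filter_matches("ipx", "IPXRouterManager", wildcards=False),
        # Negation and comma-separated values from the first two sections.
        "!Print->Print": filter_matches("!Print", "Print"),
        "!Print->MrxSmb": filter_matches("!Print", "MrxSmb"),
        "Print,MrxSmb->MrxSmb": filter_matches("Print,MrxSmb", "MrxSmb"),
        # A space after the comma becomes part of the value and breaks the match.
        "Print, MrxSmb->MrxSmb": filter_matches("Print, MrxSmb", "MrxSmb"),
    }


if __name__ == "__main__":
    for case, result in check_page_examples().items():
        print("%-42s %s" % (case, result))
```

The translation to an anchored, escaped regular expression is deliberate: a filter containing regex metacharacters such as `.` or `[` stays a literal match, and a pattern without a leading `*` must match from the first character, which is exactly why the upgrade note says "ipx" stops matching "IPXRouterManager" once wildcard support is on.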