Filters (Event Log)
Filters are an integral part of EventSentry. With a filter you define which events are processed by which target. You will need to set up at least one include filter (and one target) for EventSentry to work properly.
There are two types of filters: include and exclude. It is important to pay attention to the order in which filters are set up, because they are processed sequentially, from top to bottom as shown in the GUI. You can configure up to 512 filters.
Filter Processing
Every new event from the event log is passed to every installed include filter, starting from the top. Processing ends when:
It is important that exclude filters are always put before (=above) the include filters they should exclude from. Before an include filter is processed, EventSentry checks all exclude filters that are configured before the current include filter, to see if the event should be excluded or not.
Local Filters, Global Filters and Group Filters
Please see Local, Global & Group Filters for an explanation of local, global and group filters.
Exclude Filters
Exclude filters prevent certain events from being processed. Exclude filters can either apply to all targets or only to a particular target. This gives you the ability to only exclude events for some targets, while logging everything to another target (event log consolidation). Again, exclude filters always have to be put before (=above) the include filters they exclude from.
Exclude filters are indicated in the filterlist by a .
Include Filters
Include filters process event records that match their filter criteria and pass them to the configured target or all targets.
The more fields you restrict in a filter (e.g. Source, Category, ID ...) the fewer events will match that filter.
Include filters are indicated in the filterlist by a .
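The ordering rule described above, as a simplified Python model (an added example, not EventSentry code or configuration). It assumes exact-match fields and that a target-specific exclude filter blocks only that target, and it does not model the conditions under which processing ends early; the `ALL` marker, the target names and the events are constructed for illustration.

```python
from dataclasses import dataclass, field

ALL = "*"  # assumption: marker meaning "applies to all targets"

@dataclass
class Filter:
    kind: str      # "include" or "exclude"
    target: str    # one target name, or ALL
    match: dict = field(default_factory=dict)  # restricted fields; empty = match all

    def matches(self, event):
        # Every restricted field must match, so more fields means fewer events.
        return all(event.get(k) == v for k, v in self.match.items())

def route(event, filters, targets):
    """Walk the filter list top to bottom; return the targets that get the event."""
    delivered, blocked = set(), set()
    for f in filters:
        if not f.matches(event):
            continue
        scope = set(targets) if f.target == ALL else {f.target}
        if f.kind == "exclude":
            blocked |= scope              # only affects include filters below it
        else:
            delivered |= scope - blocked  # exclude filters above are honoured
    return delivered

# Constructed sample data: two hypothetical targets and two events.
TARGETS = ["email", "database"]
NOISY = {"source": "Print", "id": 10}
LOGON = {"source": "Security", "id": 4625}

# Exclude above include: everything is consolidated, e-mail skips the noise.
CORRECT = [Filter("exclude", "email", {"source": "Print"}), Filter("include", ALL)]
# Same filters, exclude placed below the include it was meant to restrict.
MISORDERED = list(reversed(CORRECT))
# Exclude for all targets: the event reaches no target at all.
DROPPED = [Filter("exclude", ALL, {"source": "Print"}), Filter("include", ALL)]

if __name__ == "__main__":
    for name, flt in [("correct", CORRECT), ("misordered", MISORDERED), ("dropped", DROPPED)]:
        print(name, sorted(route(NOISY, flt, TARGETS)), sorted(route(LOGON, flt, TARGETS)))
```

In the misordered list the exclude filter has no effect, and in the last list a broad exclude also removes the event from the consolidation target, which matters when that target is the audit record.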
Wildcard Support
Wildcard support was added in version 2.20 and needs to be activated in the service options. More information on wildcards can be found in Wildcard Support.
Figure: list of installed filters in group "File Servers"