Groups: Local, Global & Group Filters

Groups let you organize filters and system health settings into separate collections. This feature is especially useful in combination with remote update.

 

Groups were designed for medium to large implementations of EventSentry. If you have no need for groups, you can simply ignore this feature. EventSentry does, however, need one group to work properly; by default this is the Default Group.

 

Overview

This feature is best explained with an example: Suppose you have a large network with several file servers, database servers and different kinds of web servers (e.g. intranet, extranet, internet, customer, ...). File servers can probably share common filters, as can database servers. But since database servers most likely use different filters than file servers, you can create a group for each type of server.

 

This makes performing remote updates much easier, because you can apply different filters to different groups of servers. Let's look at the following groups:

 

[Screenshot: Regular Servers is the "active group"]

 

The selected group, in the above case Regular Servers, is called the "active group". Please note that if more than one group exists, the EventSentry agent will only process the filters from the active group; the filters of all other groups are ignored by the service. This, however, is not relevant for remote computers, which only have one group: the group their computer is a member of.

 

Creating Groups

Groups are created either by right-clicking an existing group and choosing Add Group, or by right-clicking any filter and choosing Add Group. You can remove an existing group by right-clicking it and choosing Delete Group. The order of groups is of no relevance and currently cannot be changed. Groups are ordered alphabetically upon startup.

 

If you delete a group, all associated filters, health settings and computer objects in that group are deleted as well.

 

Active Groups

If you have more than one group, only one group can be active at a time. The active group is not relevant for remote computers, since the group they belong to is automatically set as the active group; furthermore, remote update only transfers one group to remote machines.

 

If you are on a computer which has multiple groups defined (and the agent installed), then the active group tells the agent which group filters to load. In the above example (screenshot), the agent on BLACKJAGUAR will only load the filters in the Database Servers group; filters of other groups will be ignored. Local and global filters still apply, as they are always loaded.

 

Local & Global Filters

Starting with version 2.40, EventSentry comes with two built-in groups for filters: the Local and Global filters. These two groups make administering large installations of EventSentry much easier and more efficient.

 

Local Filters

Filters located in the Local Filters group under the Local Settings container are processed before all other filters (global and group filters), and every host running EventSentry has Local Filters. If you need to add a filter that is only relevant for a particular server, it is recommended that you place it in the Local Filters of that host.

 

Filters in the Local Filters group are not overwritten by Remote Update.

 

Global Filters

Filters located in the Global Filters group are processed after Local Filters, but before the filters of the active group. Global Filters are very useful in combination with remote update, as filters contained within are sent to all remote hosts, regardless of which group the host belongs to.
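The rules above (processing order, ignored non-active groups, and what a remote update does and does not replace) can be checked against a small model. The following Python sketch is an added illustration, not EventSentry code or configuration; the class, function and filter names are hypothetical and the sample data is constructed.

```python
# Added illustration: a toy model of the load order and remote-update rules
# described on this page. All names are hypothetical; this is not EventSentry code.
from dataclasses import dataclass, field


@dataclass
class HostConfig:
    local: list = field(default_factory=list)    # Local Filters (per host)
    global_: list = field(default_factory=list)  # Global Filters
    groups: dict = field(default_factory=dict)   # group name -> filters
    active: str = "Default Group"


def effective_filters(cfg):
    """Filters the agent loads, in processing order: local, global, active group."""
    return cfg.local + cfg.global_ + cfg.groups.get(cfg.active, [])


def ignored_filters(cfg):
    """Filters in non-active groups; the agent never loads these."""
    return [f for name, flt in sorted(cfg.groups.items())
            if name != cfg.active for f in flt]


def remote_update(mgmt, remote, member_of):
    """Push config to a remote host that is a member of group `member_of`."""
    return HostConfig(
        local=list(remote.local),      # Local Filters are not overwritten
        global_=list(mgmt.global_),    # Global Filters go to every host
        groups={member_of: list(mgmt.groups[member_of])},  # only one group is sent
        active=member_of,              # and it becomes the active group
    )


# Constructed sample data (filter names are made up).
mgmt = HostConfig(
    local=["mgmt-only exclude"],
    global_=["failed logon alert"],
    groups={"Database Servers": ["SQL error alert"],
            "File Servers": ["disk quota alert"]},
    active="Database Servers",
)
fileserver = HostConfig(local=["ignore backup-agent noise"],
                        groups={"Default Group": []})

if __name__ == "__main__":
    print(effective_filters(mgmt))
    print(ignored_filters(mgmt))
    print(effective_filters(remote_update(mgmt, fileserver, "File Servers")))
```

When reviewing coverage, note that a filter left in a local group on a host survives every remote update, so local filters need to be audited per host rather than from the management console alone.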