Example 1: SMTP and ODBC Target

The goal of this example is to log all event log entries to an ODBC target and, in addition, to be notified of important events through an SMTP target. We will also exclude unnecessary events from being sent through the SMTP target.

1. Add an ODBC Target

All filters that use this target will log event log entries to the table EventSentry through the ODBC DSN SQLServer.

2. Add an SMTP Target

All filters that use this target will send event log entries through the mail server mail.netikus.net, from eventsentry@netikus.net to eventsentry@netikus.net.

The target list should then look like this:

[Screenshot: target list]

3. Add an Include Filter for the ODBC Target

This filter will log all event log messages from the Application, Security and System event logs to the ODBC Target.

4. Add an Include Filter for the SMTP Target

This filter will send Warning, Error and Audit Failure event log messages from the Application, Security and System event logs to the SMTP Target.

5. Add an Exclude Filter for the SMTP Target

This exclude filter will exclude all event log entries from the RemoteAccess source, but only for the SMTP Target. The ODBC Target will still receive those events. Note that this filter must be moved up so that it is processed before the Important to SMTP filter.

After installing the three filters above, the Installed Filters list should look like this:

[Screenshot: Installed Filters list]

The Exclude SMTP exclude filter appears below (that is, after) the two include filters, which is incorrect. This happens because new filters are always appended to the end of the list. An exclude filter always has to appear above (before) its respective include filter.

6. Moving the Exclude SMTP filter up

To move the "Exclude SMTP" exclude filter up, select the filter by clicking on it and click the Move Up button once. The Installed Filters list will then look like this:

[Screenshot: Installed Filters list after the move]

The exclude filter "Exclude SMTP" could also be positioned above all other filters, since it only filters out events for the SMTP Target.
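
The ordering rule from steps 5 and 6 can be checked with a small model. This is an added example, not EventSentry code: it assumes the filter list is read top-down and that the first matching filter for a target decides, and the filter name "All to ODBC" and the sample events are made up for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Filter:
    name: str
    kind: str                       # "include" or "exclude"
    target: str
    types: frozenset = frozenset()  # empty = any event type
    source: str = ""                # empty = any event source

def matches(f, event):
    return ((not f.types or event["type"] in f.types)
            and (not f.source or event["source"] == f.source))

def route(filters, event):
    """Targets that receive the event. Assumed model: the list is read
    top-down and the first matching filter for a target decides."""
    decided = {}
    for f in filters:
        if f.target not in decided and matches(f, event):
            decided[f.target] = (f.kind == "include")
    return {t for t, send in decided.items() if send}

# All three filters cover the Application, Security and System logs,
# so the log name is not modelled. "All to ODBC" is a hypothetical name.
ALL_TO_ODBC = Filter("All to ODBC", "include", "ODBC Target")
IMPORTANT = Filter("Important to SMTP", "include", "SMTP Target",
                   types=frozenset({"Warning", "Error", "Audit Failure"}))
EXCLUDE = Filter("Exclude SMTP", "exclude", "SMTP Target", source="RemoteAccess")

AS_INSTALLED = [ALL_TO_ODBC, IMPORTANT, EXCLUDE]   # list after step 5
MOVED_UP = [ALL_TO_ODBC, EXCLUDE, IMPORTANT]       # list after step 6
EXCLUDE_FIRST = [EXCLUDE, ALL_TO_ODBC, IMPORTANT]  # alternative placement

# Constructed sample events.
REMOTE_WARNING = {"type": "Warning", "source": "RemoteAccess"}
DISK_ERROR = {"type": "Error", "source": "Disk"}
INSTALL_INFO = {"type": "Information", "source": "MsiInstaller"}

if __name__ == "__main__":
    for label, order in [("as installed", AS_INSTALLED), ("moved up", MOVED_UP),
                         ("exclude first", EXCLUDE_FIRST)]:
        for ev in (REMOTE_WARNING, DISK_ERROR, INSTALL_INFO):
            print(f"{label:13} {ev['source']:13} {ev['type']:12} -> {sorted(route(order, ev))}")
```

With the list as installed, the RemoteAccess warning still reaches the SMTP Target; in both corrected orders it is only logged to the ODBC Target.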