Summary Notifications

Summary Notifications are a new and unique feature of EventSentry. They enable you to receive events collected over a period of time rather than being notified immediately. To activate the Summary Notification Feature check the Summary notification instead of filtering checkbox in the dialog.

This feature is intended to work with the SMTP Target but can be used with any configured target, except for the special setting All Targets. Please note that summary notifications are bound to a particular target. Do not create multiple summary notifications that use the same target; instead, create a new target for each summary notification.

The screenshot below shows an example summary notification configuration that will be explained below.

The standard day/hour filter simply discards an event when it occurrs during inactive hours, (during the weekend in the above example). If you activate the summary notification however, the event is not discarded but collected.

If no events have been collected during the collection period then no notification will take place, e.g. no email will be sent.

If an event occurrs during a disabled hour, then the event will be collected (yellow bar). The collected events are then sent out in the next active hour (green circles). If more than one hour is consecutively active, then all events that take place during this period will be processed immediately and will not be collected (green line).

This is best explained with the example above: Collected events will only be sent out Monday through Friday at 8am in the morning. Events that take place between 8am and 6pm will be sent out immediately and will not be collected since the active hours are next to each other. Events that take place between 6pm Wednesday and 8am Thursday (yellow line in screenshot) will be collected and processed at 8am.

•	Send a weekly summary email to a supervisor containing all error events of the week

•	Log events to an ODBC target only twice a day to save bandwith from a server connected through a slow link

•	When an event occurrs and the hour is active but the next hour is not, collect the event

•	When an event occurrs and the hour is active and the next hour is as well, process the event immediately

•	If the current hour is active and the previous one is not then send out all collected events for the configured target

Summary events are no longer lost when the EventSentry service restarts (since v1.15). Collected events are written to temporary file in the system %TEMP% directory and start with "eventsentry_summary_" and are processed when the service starts.

•	It is not possible to receive an hourly summary email because if an event takes place during a period of two or more consecutive active hours the event will be processed immediately. The shortest interval for a recurring notification is two hours.

•	A maximum of 4096 events can be queued; all other events will be ignored (this limitation will be addressed in a future release)

•	Summary notifications are connected to the configured filter target. It is not possible to create more than one summary notification filter that use the same target. If you need multiple summary notification filters then you will need to create one target for each of them.

When using the summary feature it is recommended that you set the appropriate security permissions on the %TEMP% directory to avoid unauthorized people from obtaining information about your event logs by looking at these temporary files. The temporary files are however locked by the service as long as it is running and cannot be accessed by another process.