GFI
English Deutsch Français Italiano Nederlands Español
Forums  Register  Login  My Profile  Inbox  Address Book  My Subscription  My Forums 

Member List  Search  FAQ  Ticket List  Log Out

 

Advanced Filtering

  		Logged in as: Guest
Users viewing this topic: none
  Printable Version
All Forums >> [Network Security] >> GFI EventsManager >> Advanced Filtering Page: [1]
Login
Message << Older Topic   Newer Topic >>
Advanced Filtering - 5.Sep.2008 10:09:58 AM   
digitalz

 

Posts: 1
Score: 0
Joined: 5.Sep.2008
Status: offline 		I am experiencing an issue where the advanced filter is not working.

I have modified the advanced filter for the built-in rule located in Security Applications>Group Policy>User Environment Warnings.  The rule is still configured for the "userenv" source and "warning" for the event type.  I have gone into advanced and set the filters as:
Event ID  Not equal to  1517 OR
Event ID  Not equal to  1524

However, I am continuing to receive notifications from this rule with the filtered out Event ID's.  I am running version 8.1.0 bld. 20080318.

There are no Vista or 2008 boxes being scanned, all are 2003 so the rule is specified using "Event ID" and not "EventID".

Please enlighten me as to what I am doing wrong or if there is a problem with this build, thanks.
Post #: 1
RE: Advanced Filtering - 5.Sep.2008 10:27:20 AM   
DrewE

 

Posts: 476
Score: 0
Joined: 28.Apr.2008
From: Cary, NC
Status: offline 		I believe the issue is related to the priority these rules are applied. Can you please try this:

  1. Locate Configuration -> Event Processing Rules
  2. Create a new folder
  3. Right click the newly created folder.  Choose 'Move Up'
  4. Repeat step 3 until the folder is at the top of the list (above noise reduction)
  5. Create a new rule set, and then a new rule within this folder
  6. Once the new rule is created, choose configuration -> Event Sources
  7. Right click on the server name or group being monitored and add this new ruleset to the event processing rules.
Does this solve the trouble for you?

_____________________________

Drew Easley - Technical Support Representative
GFI Software - www.gfi.com

(in reply to digitalz)
Post #: 2
Page:   [1]
All Forums >> [Network Security] >> GFI EventsManager >> Advanced Filtering Page: [1]
Jump to:





New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts


   © 2008. All rights reserved. GFI Software Home Products Download Trials Support Ordering Site Map About Us Contact us
GFI solutions: Exchange anti spam filter - exchange anti virus - isa server - network vulnerability scanner - event log management - USB security software - exchange archiving - fax server software