Forums  Register  Login  My Profile  Inbox  Address Book  My Subscription  My Forums 

Member List  Search  FAQ  Ticket List  Log Out

 

Event 552 noise reduction

  		Logged in as: Guest
Users viewing this topic: none
  Printable Version
All Forums >> [Networking & Security] >> GFI EventsManager >> Event 552 noise reduction Page: [1]
Login
Message << Older Topic   Newer Topic >>
Event 552 noise reduction - 26.Dec.2006 10:16:37 AM   
tdeering

 

Posts: 51
Score: 0
Joined: 19.Dec.2005
Status: offline 		Maybe I am not setting this noise rule up right. I am trying to filter out event 552 from a specific computer and a specific user name. When I create the noise rule I first give it a name. Next I select the security log. In the Event IDs I put 552, in source I put in the computername and in user I put domain\username. Lastly I select the noise classification and use the default classification action. I still get all the 552 events from said system. This was not an issue in the 20061122 build. This is a fresh install not an upgrade. After I had uninstalled the 20061122 build I deleted the EventsManager folder in the GFI directory then installed the 20061214 build.
Post #: 1
RE: Event 552 noise reduction - 26.Dec.2006 10:58:54 AM   
Arielle

 

Posts: 295
Score: 0
Joined: 15.Sep.2006
Status: offline 		Hi,

Then 'Source' field does not refer to the workstation that the event is from, but the source of the event. For example security events will have their source as Security, or application events logged by an SQL Server will have their source as MSSQLSERVER or SQLBrowser.

To ignore event 552 by a user from a particular computer you need to specify the 'User' field as Domain\User and apply that rule for the computer you want only. So you will need to create a new rule set under the 'Noise reduction' folder, go to that computer's properties from Configuration > Event Sources and select that rule set in the 'Windows Event Log' tab.

_____________________________

Arielle Bonnici

GFI Blog: http://www.gfi.com/blog – Follow Us (Twitter): http://www.twitter.com/gfisoftware – Watch Us (YouTube): http://www.youtube.com/gfisoftware

(in reply to tdeering)
Post #: 2
RE: Event 552 noise reduction - 26.Dec.2006 11:22:27 AM   
tdeering

 

Posts: 51
Score: 0
Joined: 19.Dec.2005
Status: offline 		Man oh man I had that wrong, my only question is how the heck was it working last time? I am sure that I set it up the same way and it worked. Thanks for setting me straight on that one. 

(in reply to Arielle)
Post #: 3
Page:   [1]
All Forums >> [Networking & Security] >> GFI EventsManager >> Event 552 noise reduction Page: [1]
Jump to:





New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts