mfhjek0
Joined: 14.Jun.2006
In order to create a rule to ignore blank User Name events in the Windows Security log, in the Advanced Conditions "Value" field, what is the representation for blank? I have tried leaving the field empty but it will not let me. I have tried using the space bar for a single space, or multiple spaces, and that does not seem to work. Is there a special character for a blank? Is there a reference or Help screen that I have missed that shows all the valid characters: blanks, wildcard, variables, etc.?

Next question: When I use the event classification of "Noise", what is the difference in the classification action of "Ignore the event" and "Use the default classification"? I do want to ignore any noise, but when I look at the default classification action for "Noise", all it has is an unchecked box for "Archive the event". Seems confusing.