Forums  Register  Login  My Profile  Inbox  Address Book  My Subscription  My Forums 

Member List  Search  FAQ  Ticket List  Log Out

 

Wild Card Problems

  		Logged in as: Guest
Users viewing this topic: none
  Printable Version
All Forums >> [Networking & Security] >> GFI EventsManager >> Wild Card Problems Page: [1]
Login
Message << Older Topic   Newer Topic >>
Wild Card Problems - 12.Feb.2009 8:36:52 AM   
claidham

 

Posts: 9
Score: 0
Joined: 27.Aug.2007
Status: offline 		I'm having some trouble getting a Wild Card to work in the event processing rules, although the pattern seems to work all right in Event Browser queries.

I'm trying to mark our Anti-virus software logins as Noise on all systems - the software uses a local admin account created on each system to do a login as Service.

In Events Browser, my query is:
"Field 1: Contains %Sophos%", "Field 4: Contains 5" - this works and shows me lots of events with Sophos in the username.

In Event Processing Rules, my query (under Noise reduction) is:
"Field 1: Contains the text %Sophos%", "Field 4: Equal to 5" - this doesn't seem to work at all.

I have confirmed that the rule is applied across my windows systems, but I can't seem to get this message to match.

==========
Feature Request -

In the next version of Events Manager, is it possible to have a button in the Events Browser window that allows you to convert an existing query into a new rule? Even a cut & paste feature would help eliminate transcription errors.
Post #: 1
Page:   [1]
All Forums >> [Networking & Security] >> GFI EventsManager >> Wild Card Problems Page: [1]
Jump to:





New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts