This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

filter some events which include some character

Hi All

     I use agent manager to collect windows events. but I find much events almost relates windows firewall and filter plateform events...

These events are non-essential for managers...
If the manager wants to filter these events, my impression is to add a Filter to the event source object like below screenshot


But I found that the settings I added didn't seem to work...These events still send to sentinel message bus , and could been search from web console
How can I "surely" let the Event Source filter these events that contain certain characters been drop to decrease EPS??

or How could I do from agent manager to not collect these events ?

Thanks!!

Wencheng

Tags:

  • 0

    I re-check agent manager console....it seem could not let me "exclude" some event..

    for example...I want to exclude 2 event name & vendorcode

    1. event name "The handle to an object was closed" , vendorcode is "4658"

    2. event name "An attempt was made to access an object", vendorcode is "4663"

    But Agent Manager Console seem only "collect" rule...no "exclude" rule...Right ??

    Wencheng

  • 0

    Is it true that I can't filter some unwanted events ??

    Wencheng