Niemand.Richard1 Absent Member.

Filtering events at the SmartConnector Level

Hi all

I am in the process of getting a SmartConnector (namely the MS AD Unified Event Log) connector chatting to our ESM in another hosting site. I have got the channel up and running and am able to send all events to the ESM with no issue; the catch here is that I need to filter out all the low events from this connector (too chatty for our WAN link).

I have read the Connector Documentation and the ESM User Guide and see that I can add a filter per SmartConnector destination; the only problem is I am not too sure what the filter would be to allow only warning and higher events through.

I have tried the following.

  • eventSeverity LT 2
  • eventSeverity LT 5
  • Severity LT 2
  • Severity LT 5

What am I doing wrong??

Thanks in advance

3 Replies
Niemand.Richard1 Absent Member.

Re: Filtering events at the SmartConnector Level

Does anyone have suggestions here?

Established Member.. ilia.tivin@hpe.

Re: Filtering events at the SmartConnector Level

Hi Richard,

Not giving us much time to answer.

I'm a bit rusty but I'll do my best...

Here's what you can do.

If you are trying to filter out events that are incoming to an ESM, I'd suggest editing the filter from the ESM console and not the SmartConnector settings, as this will give you much more freedom later.

-Although I DO NOT suggest filtering all the low severity events as there are important events in there.

If you do decide to use the SmartConnector filtering, I'd do the following:

Please note that all fields start with a small letter and not a capital one, so there is no field named eventSeverity in the schema:

severity LT 5 (Less than 5)

severity LE 5 (Less or equal to 5)

Another field you can use is deviceSeverity, although this field is a string type and you will not be able to use the LT and LE operators. Also, this field can have any value (High, Low, 2, 4, 999, 102222, etc.), so you will have to know what you are looking for. severity might be a string type as well, but I'll have to check this one up.

Best of luck

santhosh.i Absent Member.

Re: Filtering events at the SmartConnector Level

Please mention the values within double quotes!

ex:  deviceProduct EQ "Microsoft"

I guess it filters the events properly after this!
