Best way to filter servers in both reports in Active Channel and reports
I have Unix syslogs coming into one connector.
I am using ESM 3.5
For a report, I would like to list the logins of about 70 servers and exclude about 10.
For this I tried to use NOT an Active List but am not sure that is workable, as it sometimes appears to ignore the list.
For the Active Channel, the console specifically told me not to use an Active List, but using "destination host name <> X" slows the active channel to a crawl.
The best way to do this is create an active list (fields based), with a single column being "server host name" or something similar. Then add all the servers that you would like to see into that report. Then when you create the query, just include the AL and that the hosts must exist in there.
For a channel you can not use AL's. The best there would be to create a filter with the hostnames that you want to see and then add that filter to the channel. If it's taking a long time, then you may want to consider if there is another way to search for these hosts, like do they all fall into a sequential IP range.