1. You would at least need the Basic Edition of MonitorWare Agent / WinSyslog / EventReporter for this scenario.
Please Note: We are using MonitorWare Agent in this guide whereas MonitorWare Agent is superset of WinSyslog and EventReporter. So this guide is also applicable for WinSyslog and EventReporter.
2. In order to update a filter it’s necessary that you have a previously saved configuration in which you had applied filters. Click here if you wish to learn “How to add filters for database MonitorWare Agent, WinSyslog and EventReporter?”
Important note about Filter Condition
String comparison in Filter Conditions are “Case Sensitive”! For example, if the Source System name is “ws01” and you had written “WS01” while applying the filter, then this filter condition would “NEVER” evaluate to True! Please double check before proceeding further!
How to Update Filters?
1. Lets say that initially we were interested in getting an e-mail alert in a given time period for the following filter condition:
( (Event ID is 500 OR 1000 OR 2000 OR 3000) ) AND ( FromHost is not equal to WS01 ) )
AND
( ( Event Source is equal to Security ) OR ( Priority is greater than 5 ) )
And the filter form looked like this:
2. Lets assume that you wish to update this filter condition string to this now:
( ( Event ID is not equal 500 OR 1000 OR 2000 OR 3000) ) AND ( FromHost is not equal to WS01 ) )
OR
( ( Event Source is equal to Security ) OR ( Priority is greater than 5 ) )
You would have to follow the following steps in order to accomplish this.
3. We need the Boolean “OR” operator in the top-level node for the above said filter condition, not the default “AND”. Thus, we need to change the Boolean operator. There are different ways to do this. Either double-click the “AND” to cycle through the supported operations or select it and click “Change Operator”. In any way, the Boolean operation should be changed to “OR”. This can be seen in the screen shot below:
We will be working on this part of the filter condition.
( ( Event ID is not equal 500 OR 1000 OR 2000 OR 3000) ) AND ( FromHost is not equal to WS01 ) )
4. In order to update the actual values of the Event ID, select each of the filter. A small dialog opens at the bottom of the screen and update the required values. In our sample, these are Event ID 500, 1000, 2000, and 3000.
5. Click on the filter property “Event ID”, from the “Compare Operation” combo box, select “is not equal”. Repeat this step for the next three filters. When you have made the updates, you screen should look as follows:
6. Don’t forget to save the settings by clicking the (diskette-like) “Save” button. This procedure completes the updation of the filter form. Once done your configuration looks like the following:
7. Last, save the changes if you haven’t done it before and then restart the MonitorWare / WinSyslog or EventReporter service.
MonitorWare / WinSyslog or EventReporter cannot dynamically read changed configurations. As such,it needs to be restarted after such changes.