About the Windows Filter Policy Window

Filter policies let you specify which Windows events are sent to Operations Sentinel as alerts. Events are filtered on each Windows system before they are forwarded to Operations Sentinel. Each Windows system can have its own filter policy, and multiple Windows systems can use the same filter policy. Only one filter policy can be active on a given monitored system at any given time.

The Windows Filter Policy window allows you to modify and create filter policies for the Operations Sentinel Windows Agent. The Windows Filter Policy window has a row for each event source that has been configured to be a part of the filter policy.

The name of the filter policy you are currently editing appears in the title bar.

Columns in the Windows Filter Policy Window

The columns in this window are

Event Source

Contains the names of the event sources for which filter criteria have been established in this filter policy. The event source named DEFAULT is predefined and determines the filter criteria for events coming from event sources that are not explicitly specified in this filter policy.

Error

Warning

Information

Success Audit

Failure Audit

Define the filtering criteria for these five types of events. Any one of the following values can appear in each filter criteria column:

  • All All events of the specified type are forwarded to Operations Sentinel from this event source.

  • None No events of the specified type are forwarded to Operations Sentinel from this event source. This is the default.

  • Include Only those events of the specified type that are explicitly listed in brackets are forwarded to Operations Sentinel from this event source.

  • Exclude All events of the specified type except those that are explicitly listed are forwarded to Operations Sentinel from this event source.

File Menu Items

The items in this menu are

Edit Menu Items

The items in this menu are