Table of Contents
- Getting Started
- Agent-Based Management
- Data Providers
- Directory Services
- Event Log Archiving for JSIG and CMMC Compliance
- Auditing
- Hosts
- Templates
- Template Properties
- Batch Update Templates
- Assign Templates
- Log Management Templates
- SCAP Compliance Monitor
- File and Directory Monitor Templates
- Windows Monitor Templates
- Account Lockout Monitor Template
- Logon Monitor Template
- CPU Monitor Template
- Memory Monitor Template
- Disk Space Monitor Template
- SMART Monitor Template
- Process Monitor Template
- Service Monitor Template
- Performance Counter Monitor Template
- PowerShell Template
- Registry Value Monitor Template
- System Security Monitor Template
- Active Directory User Monitor Template
- Active Directory User Integrity Monitor Template
- Task Scheduler Template
- Clock Synchronization Template
- Defragment NTFS Disks Template
- Windows Audit Policy Monitor Template
- Windows Logon As Monitor Template
- Windows Update Template
- Windows Management Instrumentation (WMI) Templates
- Database Monitor Template
- Directory Service Monitor Template
- DNS Blacklist Monitor Template
- DNS Monitor Template
- Domain Expiration Monitor Template
- Network Speed Monitor Template
- Ping Monitor Template
- Database Table Reseed
- SQL Server Shrink and Backup Template
- SSH Shell
- TCP Port Scan Monitor Template
- Website Monitor Template
- Wake On LAN Template
- SSL Certificate Monitor Templates
- Email Monitor Templates
- SNMP Monitor Templates
- Windows Accounts Templates
- Monitors
- Reports
- File and Permission Reports
- Summary Reports
- Auto-Configurators
- Filters
- Actions
- Database Actions
- Desktop Actions
- Email Actions
- Event Log Actions
- Executable Actions
- File Actions
- IIS IP Address Restriction Actions
- Microsoft Teams Actions
- PowerShell Actions
- Report Actions
- Service Actions
- SMS Actions
- SNMP Trap Actions
- Syslog Actions
- Template Actions
- IIS IP Address Restriction Actions
- Action Variables
- Schedules
- Environment Variables
- Options
- Account Lockout Monitoring and Reporting
- Merging Logs
- SNMP
- SSH Shell
- Syslog
- Exporting and Importing Configuration Objects
- Shared Views
- Active Directory User and Group Filters
- Assign Actions
- Assign Azure Audit Logs
- Assign Consolidated Logs
- Assign Directories
- Assign Disks
- Assign Event Logs
- Assign Files
- Assign Services
- Assign Shares
- Auto-Config Host Assignment Properties
- Define CSV and W3C Log Entry Columns
- Define Log Entry Columns
- Define Log Entry Columns with Regular Expressions
- Executable Status
- Executable Timeline
- Explicitly Assigned Logs
- File Explorer
- General Executable Properties
- Report Columns
- Report Date/Time Ranges
- Report Security Event Log Filters
- Select Folder or File
- Target Files and Sub-Directories
- Command Line Interface
- Server Configuration
- Agent Configuration
- Troubleshooting
- Terminology
Corner Bowl Server Manager
SIEM, IPS, Server Monitoring, Uptime Monitoring and Compliance Software
Complex Filters
Complex filters are comprised of a hierarchal tree of criteria that resembles a computer programming language but is configured through a graphical user interface.
All log types are supported.
How to configure complex filters:
- From the Menu Bar select File | New. The Create New Object View displays.
- Select Filter. The New Filter view displays.
- Use the Name text box to specify a unique name.
- From the Type drop-down select the type of object to create the filter for.
- From the Sub type drop-down select Complex. The Complex Filter View displays.
- Use the New Criteria button to create a new criteria line item.
- Use the New Group button to create a new group of criteria.
- Use the Delete
button to delete the selected criteria or group. - Use the Clear
button to delete all items. - Use the Up
and Down 
buttons to change the order the group or criteria are applied.
How to apply criteria:
- Criteria contain the option to either include or exclude the entries that pass the criteria. Choose either Is, to include entries, or IsNot, to exclude entries.
- When a criteria follows another group or criteria, you must also specify a logical operator. Choose either AND, to require the criteria to also pass, or OR, to apply the criteria after the previous group or criteria fails to pass.
- Use the remaining line item controls to select the Criteria Type, Operand and Value.
Criteria Type Description Attribute Value Pair Filters attribute value pairs. Use when filtering Azure AD Audit Logs and custom defined columns (e.g. RegEx Columns, CSV Columns and W3C Columns). Day of Week Filters the day of the week. Flagged Filters flagged items. Host Filters the hostname. Time of Day Filters the time of day. Azure AD Audit Logs Correlation ID Filters the correlation IDs. JSON Filters the JSON representation of each log entry object returned from the Microsoft Graph API. Log Filters the log names. Status Filters the status. Event Logs Category Filters the categories. Event Filters the Event IDs. Comma-separate multiple items. Dash-separate Event ID ranges. Grouped Attribute Value Pair Filters Security Event Log groups and their attribute value pairs. Level Filters the levels (e.g. Info, Warning, Error). Log Filters the log names. Message Filters the messages. Source Filters the sources. Syslogs Application (*) Filters the Applications. Data (*) Filters the Data. Facility Filters the facilities. Message ID (*) Filters the Message IDs. Message Filters the messages. Priority Filters the priorities. Process ID (*) Filters the Process IDs. (*) Available when the Syslog Server is configured to parse messages using the RFC 5424 specification. For more information see: Syslog Server Settings Text Logs Log Filters the log names. Message Filters the messages. Active Directory Various For more information see: Active Directory Schema (AD Schema) SNMP Traps Data Type (*) Filters the trap variable data types. Int32 (*) Filters Int32 trap variable values. IP Address (*) Filters IP Address trap variable values as strings. Object Identifier (*) Filters Object Identifier trap variable values. String (*) Filters String trap variable values. Time Span (*) Filters Time Span trap variable values. Trap OID Filters trap Object Identifiers as strings. UInt32 (*) Filters UInt32 trap variable values. UInt64 (*) Filters UInt64 trap variable values. Variable OID Filters trap variable Object Identifiers as strings. (*) For more information see: Version 2 of the Protocol Operations for the Simple Network Management Protocol (SNMP) - To move criteria out of a group, select the criteria, then click the Up or Down button. Continue clicking either direction until the criteria leaves the group.
- To move a criteria to another group, select the criteria, then click the Up or Down button. Continue clicking either direction until the selected criteria moves into the desired group.
How to use groups:
- Groups contain the option to either include or exclude the entries that pass the grouped criteria. Choose either Is, to include entries, or IsNot, to exclude entries.
- When a group follows another group or criteria, you must also specify a logical operator. Choose either AND, to require the criteria to also pass, or OR, to apply the criteria after the previous group or criteria fails to pass.
- To move a group or criteria out of a group, select the group or criteria, then click the Up or Down button. Continue clicking either direction until the selected item leaves the group.
- To move a group or criteria to another group, select the group or criteria, then click the Up or Down button. Continue clicking either direction until the selected item moves into the desired group.
Sample Complex Event Log Filter:
