Table of Contents
- Getting Started
- Agent-Based Management
- Data Providers
- Directory Services
- Event Log Archiving for JSIG and CMMC Compliance
- Auditing
- Hosts
- Templates
- Template Properties
- Batch Update Templates
- Assign Templates
- Log Management Templates
- SCAP Compliance Monitor
- File and Directory Monitor Templates
- Windows Monitor Templates
- Account Lockout Monitor Template
- Logon Monitor Template
- CPU Monitor Template
- Memory Monitor Template
- Disk Space Monitor Template
- SMART Monitor Template
- Process Monitor Template
- Service Monitor Template
- Performance Counter Monitor Template
- PowerShell Template
- Registry Value Monitor Template
- System Security Monitor Template
- Active Directory User Monitor Template
- Active Directory User Integrity Monitor Template
- Task Scheduler Template
- Clock Synchronization Template
- Defragment NTFS Disks Template
- Windows Audit Policy Monitor Template
- Windows Logon As Monitor Template
- Windows Update Template
- Windows Management Instrumentation (WMI) Templates
- Database Monitor Template
- Directory Service Monitor Template
- DNS Blacklist Monitor Template
- DNS Monitor Template
- Domain Expiration Monitor Template
- Network Speed Monitor Template
- Ping Monitor Template
- Database Table Reseed
- SQL Server Shrink and Backup Template
- SSH Shell
- TCP Port Scan Monitor Template
- Website Monitor Template
- Wake On LAN Template
- SSL Certificate Monitor Templates
- Email Monitor Templates
- SNMP Monitor Templates
- Windows Accounts Templates
- Monitors
- Reports
- File and Permission Reports
- Summary Reports
- Auto-Configurators
- Filters
- Actions
- Database Actions
- Desktop Actions
- Email Actions
- Event Log Actions
- Executable Actions
- File Actions
- IIS IP Address Restriction Actions
- Microsoft Teams Actions
- PowerShell Actions
- Report Actions
- Service Actions
- SMS Actions
- SNMP Trap Actions
- Syslog Actions
- Template Actions
- IIS IP Address Restriction Actions
- Action Variables
- Schedules
- Environment Variables
- Options
- Account Lockout Monitoring and Reporting
- Merging Logs
- SNMP
- SSH Shell
- Syslog
- Exporting and Importing Configuration Objects
- Shared Views
- Active Directory User and Group Filters
- Assign Actions
- Assign Azure Audit Logs
- Assign Consolidated Logs
- Assign Directories
- Assign Disks
- Assign Event Logs
- Assign Files
- Assign Services
- Assign Shares
- Auto-Config Host Assignment Properties
- Define CSV and W3C Log Entry Columns
- Define Log Entry Columns
- Define Log Entry Columns with Regular Expressions
- Executable Status
- Executable Timeline
- Explicitly Assigned Logs
- File Explorer
- General Executable Properties
- Report Columns
- Report Date/Time Ranges
- Report Security Event Log Filters
- Select Folder or File
- Target Files and Sub-Directories
- Command Line Interface
- Server Configuration
- Agent Configuration
- Troubleshooting
- Terminology
Corner Bowl Server Manager
SIEM, IPS, Server Monitoring, Uptime Monitoring and Compliance Software
Filters
A Filter is a configurable object used to target or limit specific log entries or computers from real-time and consolidated log views, monitors and reports. Filters can also be used when manually searching computers in Active Directory or through an Auto Configurator.
How it works:
Once assigned to a log viewer, report or Auto-Configurator, the filter is applied to the data set. Entries that pass the filter criteria are included in the final data set. When using the Agent-Based Log Consolidation Templates, consolidation filters are applied on each remotely managed host prior to the data set being transmitted on the network.
Note
Server Manager includes numerous sample Filters. You have the option of assigning these filters to executables as is, modifying them or if prefer, removing all of them and defining your own. To view the sample filters, from the Explorer View, expand the Filters node then select Sample Filters.
To create a filter from a Log Viewer:
- From the Log Viewer, find an entry you would like to either include or exclude from the viewer, then right click and select Filter Selected Entries. The Filter Selected Entries View displays.
- Use the Visibility drop-down to configure to either include or exclude the selected entries.
- Depending on the type of log entry, check the Include the message in the filter option to include the entire message in the filter.
- Choose to either Create a new filter or Append to an existing filter. If you choose to create a new filter,
- Use the Name text box to specify a unique name to identify the filter.
- Use the Filter type drop-down to select the type of filter to create.
- Use the drop-down to select the filter to append these entries.
- Click OK. The filter is either created or appended to, then the Filter Properties View displays.
Important
If you chose to include the message in the filter, remove all entry specific data from the filter criteria (e.g. Date and Time).
To create a filter:
- From the Menu Bar select File | New. The Create New Object View displays.
- From the Create New Object View, select Filter. The Filter Properties view displays.
- Configure the filter.
- When you have finished configuring the filter, click the OK button to save.
Available Filter Types
| Type | Description |
|---|---|
| Simple | A simple stacked list of criteria that can be ordered and flagged to either include or exclude specific contents. |
| Complex | A hierarchal tree of criteria that resembles a computer programming language but is configured through a graphical user interface. |
Sample Event Log Filters
The following screenshots show the same filter implemented using each method.
Sample Simple Event Log Filter:
List View
Table View
Sample Complex Event Log Filter:
