
Event Log Package Options


Event log packages offer options beyond the general package options.

 

Catch-All Notification Package

It is recommended that you activate this feature on packages containing "catch-all" filters.

 

Catch-All Filters

We refer to "Catch-All" filters whenever you have an include filter that forwards all events, for example all errors and warnings, to an action. Examples of Catch-All filters are:

 

A filter forwarding all warnings, errors and audit failures to an email recipient
A filter forwarding all audit success and audit failure events to a database

 

Since event logs generate a lot of noise, configurations with Catch-All filters usually also include many exclude and include threshold filters so that unnecessary alerts are not sent to the email recipient.

 

If you do not configure a package that contains a catch-all filter as a "Catch-All Notification Package" then include filters with thresholds from other packages might not work as expected.

 


Event Log Packages set to be Catch-All are processed after event log packages which are not set to be Catch-All packages. This makes sure that include filters with advanced features such as Thresholds are processed before filters in a Catch-All package.

 

 

Ignore Exclude Filters from other packages

Exclude filters from all packages are, by default, always processed before a notification is sent out. That is, it doesn't matter in which package an exclude filter is contained - it will always apply.

 

If you want to ensure that certain filters are not excluded by exclude filters from other packages, add them to a new package and configure that package to ignore exclude filters from other packages.
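
The two package options described above, shown as a simplified model. This is an added example, not EventSentry code. The package names, filter names and events are constructed, filters are modelled as plain predicates, and thresholds are not modelled.

```python
from __future__ import annotations
from dataclasses import dataclass, field
from typing import Callable

Match = Callable[[dict], bool]  # a filter is modelled as a predicate over an event

@dataclass
class Package:
    name: str
    includes: dict[str, Match] = field(default_factory=dict)
    excludes: dict[str, Match] = field(default_factory=dict)
    catch_all: bool = False                # "Catch-All Notification Package"
    ignore_foreign_excludes: bool = False  # "Ignore Exclude Filters from other packages"

def evaluate(event: dict, packages: list[Package]) -> list[tuple[str, str]]:
    """Return the (package, include filter) pairs that notify, in processing order."""
    # Catch-All packages are processed after all other packages (sorted() is stable).
    ordered = sorted(packages, key=lambda p: p.catch_all)
    fired = []
    for pkg in ordered:
        # By default an exclude filter from any package applies; a package that
        # ignores exclude filters from other packages only honours its own.
        scope = [pkg] if pkg.ignore_foreign_excludes else packages
        if any(match(event) for p in scope for match in p.excludes.values()):
            continue
        fired += [(pkg.name, name) for name, match in pkg.includes.items() if match(event)]
    return fired

def sample_packages(protect_watch: bool) -> list[Package]:
    """Constructed configuration; package and filter names are hypothetical."""
    return [
        Package("Catch-All", catch_all=True,
                includes={"all audit failures": lambda e: e["severity"] == "audit_failure"}),
        Package("Noise", excludes={"drop 4625": lambda e: e["id"] == 4625}),
        Package("Logon watch", ignore_foreign_excludes=protect_watch,
                includes={"failed logons": lambda e: e["id"] in (4625, 4771)}),
    ]

if __name__ == "__main__":
    failed_logon = {"severity": "audit_failure", "id": 4625}  # constructed event
    print(evaluate(failed_logon, sample_packages(False)))  # foreign exclude suppresses every alert
    print(evaluate(failed_logon, sample_packages(True)))   # protected package still alerts
```

In the first call the exclude filter in the "Noise" package silently suppresses the failed-logon alert in every package. In the second call only the package that ignores exclude filters from other packages still notifies.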