Summary Notifications

Summary Notifications are a new and unique feature of EventSentry. They enable you to receive events collected over a period of time rather than being notified immediately. To activate the Summary Notification feature, set the Schedule Type to Summary. Summary filters are shown with a little clock

in the list.

This feature is intended to work with the SMTP action but can be used with any configured action, except for the special setting "Trigger all Actions". Please note that summary notifications are bound to a particular action. Do not create multiple summary notifications that use the same action; instead, create a new action for each summary notification.

The screenshot below shows an example summary notification configuration that will be explained below.

The standard day/hour filter simply discards an event when it occurs during inactive hours, (during the weekend in the above example). If you activate the summary notification however, the event is not discarded but collected.

If no events have been collected during the collection period then no notification will take place, e.g. no email will be sent.

If an event occurs during a disabled hour, then the event will be collected (white area). The collected events are then sent out in the next active hour (orange circles). If more than one hour is consecutively active, then all events that take place during this period will be processed immediately and will not be collected (blue area).

This is best explained with the example above: Collected events will only be sent out Monday through Friday at 8am in the morning (orange circles). Events that take place between 8am and 5pm will be sent out immediately and will not be collected since the active hours are next to each other (sequential). Events that take place between 5pm Wednesday and 8am Thursday (white area in screenshot) will be collected and processed at 8am (orange circles).

•	Log events to an ODBC action only twice a day to save bandwith from a server connected through a slow link

•	When an event occurs and the hour is active but the next hour is not, collect the event

•	When an event occurs and the hour is active and the next hour is as well, process the event immediately

•	If the current hour is active and the previous one is not then send out all collected events for the configured action

Summary events are no longer lost when the EventSentry service restarts (since v1.15). Collected events are written to temporary file in the system %TEMP% directory and start with "eventsentry_summary_" and are processed when the service starts.

•	It is not possible to receive an hourly summary email because if an event takes place during a period of two or more consecutive active hours the event will be processed immediately. The shortest interval for a recurring notification is two hours.

•	Summary notifications are connected to the configured filter action. It is not possible to create more than one summary notification filter that use the same action. If you need multiple summary notification filters then you will need to create one action for each of them.

When using the summary feature it is recommended that you set the appropriate security permissions on the %TEMP% directory to avoid unauthorized people from obtaining information about your event logs by looking at these temporary files. The temporary files are however locked by the service as long as it is running and cannot be accessed by another process.