A Minimal Configuration
The most basic EventSentry configuration must include the following:
| • | One Target |
| • | One Group |
| • | One Filter Package |
| • | One Installed Agent |
| • | One Management Machine |
Do-It: Creating A Minimal Configuration
If you specify the SMTP configuration during the setup procedure then the EventSentry installer will automatically create a default configuration consisting of:
| • | One group (Example Group) |
| • | Example filter, health and tracking packages |
| • | One target (Default SMTP) |
Once you have completed the configuration of EventSentry, you can either click the save button in the toolbar or select "Save" from the "File" menu. Remember that configuration changes will not become effective until you save the configuration.
How do Filters and Targets work?
Filters and filter packages are the core component of EventSentry, and determine which events are processed. When EventSentry receives notification of the new event it will process it according to the configured filters and targets (continued from figure 1):
Figure 5
For every event written to any of the monitored event logs, the agent processes all filters of all assigned packages. If the agents finds a match, then the event will be forwarded to the configured notifications. If it does not, then the agent simply ignores/drops the event log record. In the example above, the event record is not matched by any of the exclude filters, but matches the All Errors filter and is forward to both configured notifications (SMTP Email & MySQL Database).
Configuring EventSentry
You have full control over the configuration of the agent because the configuration is not permanently saved until you click the save button or choose the "Save" option from the "File" menu. Also, EventSentry does not automatically update the configuration of the remote agents; instead, you can use the Remote Update feature to send the configuration and configuration changes to the agents on your network.
The EventSentry configuration is stored in the registry under the key HKEY_LOCAL_MACHINE\netikus.net\EventSentry. Whereas the management application reads and writes the configuration to and from the registry, the agent mostly only reads the configuration from the registry.
Figure 6