In EventSentry, Variables allow you to dynamically assign values to groups or hosts. This allows you to create more flexible configurations when objects such as actions share most but not all configuration values. A good example of a use case for variables is in your email action. For example, if you have two groups of servers and want different people notified for each group, then you could use variables instead of setting up two email actions and different filter packages for each group.
To setup the variable, in the EventSentry management console navigate to Tools > Variables. Then click the "Add" button to create the variable. For our example, we will use the name "EMAIL," and in the value field we will put a default email address "Tmorgan@eventsentry.com." If there are no overriding variables set in our hosts or groups, then any time we use $EMAIL the value will default to Tmorgan@eventsentry.com.
In our email action, will now replace the recipients field with the variable we just created: $EMAIL. With just this setting, anytime the email action is triggered, "Tmorgan@eventsentry.com" will receive an email.
In our example organization we have a team for servers, another team for workstations, and T. Morgan who manages both groups.
For our servers group, we want to notify servers_team@eventsentry.com and tmorgan@eventsentry.com, and for the workstations group we want to notify workstation_team@eventsentry.com and tmorgan@eventsentry.com.
Both of our servers & workstations groups will automatically inherit the $EMAIL variable we already set, so we will just have to add the appropriate distribution group (servers_team@eventsentry.com and workstation_team@eventsentry.com) to that variable. This can be done by clicking on the group in the tree and selecting "Set Variables" in the ribbon.
This will open the global variables that the group has inherited. These variables can be edited on the group level to override the global value. To change the value, double click the $EMAIL variable and add the new email address, using a comma to separate them. Now, anytime a filter triggers the default email action in the servers group, both servers_team@eventsentry.com and tmorgan@eventsentry.com will be alerted. You can repeat this process for the workstations group.
Conclusion
As you can see, using variables has allowed us to send alerts to separate email addresses depending on what computer the events originated from. The use of variables is a very convenient way to replace multiple email actions & replaces the need to duplicate event log packages for different groups.