EventSentry monitors your event logs so that you can receive certain events via email and to consolidate some or all events into a supported database. You can control which events are forwarded to which notification (please remember that a database is, from EventSentry's point of view, just another notification) with filters.
As such, you will need at least one filter package with an include filter to receive events via email. You can use exclude filters to exclude certain events from being forwarded to a notification.
Exclude Filters and Thresholds
One of the biggest challenges with receiving event log alerts through mediums such as email is to cut down on the number of alerts you receive. We have addressed this problem with exclude filters and threshold options which can be set for include filters. Exclude filters, as the name implies, allow you to exclude certain events from reaching a notification. Thresholds allow you to limit the number of events that are processed based on time intervals.
Catch-All Packages
Filter Packages can be configured to be "Catch-All" packages, meaning that the filters they contain will processed after all other include filters are processed. This is not relevant for exclude filters (which are always processed before a notification is sent out), but important when you work with include filters that have thresholds applied to them.
If you are using threshold filters that are not in the same package as your "Catch-All" filter (see Event Log Alerts) then it is important that you set the filter package containing your main include filter to be a "Catch-All" package.