Generic Event Log Packages
For Event Log Packages we recommend that you organize them based on the software or Operating System type they work with. This is illustrated pretty well when you have a default install of EventSentry that ships with about one dozen of default packages.
For example, if you are monitoring both servers and workstations, then you can create one generic package for servers and one generic package for workstations. There are many events that are logged on all Windows servers and workstations (regardless of their role) that you will probably want to exclude. It is then easy to assign each package to your server group(s) and workstation group(s) respectively, assuming that you organized your computers in that way.
Event Log Packages based on Software
If you have a lot of different server (or workstation) software products installed, then it would also make sense to categorize those into packages. This makes it easier and more straight-forward to assign multiple packages to a single server or group.
For example, if your network consists of servers that have IIS, Exchange Server, Backup Software etc. installed, then simply create a package for each of those applications and assign them to the servers running those services.
You can even go a step beyond and configure an event log package for Auto Detection. This makes it possible for a filter package to automatically assign itself based on the existence of a particular service. For example, you can create a global IIS package that will activate itself when the W3SVC service exists.
