How do I Update filters for MonitorWare Agent?

How do I Update filters for MonitorWare Agent?

Article created 2005-04-04 by
Hamid Ali Raja
.

2. In order to update a filter it’s necessary that you have a previously saved configuration in
which you had applied filters. Click here
if you wish to learn “How to add filters for MonitorWare Agent?”

Note:String comparison in Filter Conditions are “Case Sensitive”. For example, if the
Source System name is “ws01” and you had written “WS01” while applying the filter, then this filter
condition would “NEVER” evaluate to True! Please double check before proceeding further!

How to Update Filters?

1. Lets say that initially we were interested in getting an e-mail alert in a given time period
for the following filter condition:

( (Event ID is 500 OR 1000 OR 2000 OR 3000) ) AND ( FromHost is not equal to WS01 ) )

AND

( ( Event Source is equal to Security ) OR ( Priority is greater than 5 ) )

And the filter form looked like this:

2. Lets assume that you wish to update this filter condition string to this now:

( ( Event ID is not equal 500 OR 1000 OR 2000 OR 3000) ) AND ( FromHost is not equal to WS01 ) )

OR

( ( Event Source is equal to Security ) OR ( Priority is greater than 5 ) )

You would have to follow the following steps in order to accomplish this.

3. We need the Boolean “OR” operator in the top-level node for the above said filter condition,
not the default “AND”. Thus, we need to change the Boolean operator. There are different ways to do
this. Either double-click the “AND” to cycle through the supported operations or select it and
click “Change Operator”. In any way, the Boolean operation should be changed to “OR”. This can be
seen in the screen shot below:

We will be working on this part of the filter condition.

( ( Event ID is not equal 500 OR 1000 OR 2000 OR 3000) ) AND ( FromHost is not equal to WS01 ) )

4. In order to update the actual values of the Event ID, select each of the filter. A small
dialog opens at the bottom of the screen and update the required values. In our sample, these are
Event ID 500, 1000, 2000, and 3000.

5. Click on the filter property “Event ID”, from the “Compare Operation” combo box, select “is not
equal”. Repeat this step for the next three filters. When you have made the updates, you screen
should look as follows:

6. Don’t forget to save the settings by clicking the (diskette-like) “Save” button. This procedure
completes the updation of the filter form. Once done your configuration looks like the following:

7. Last, save the changes if you haven’t done it before and then restart the MonitorWare /
WinSyslog or EventReporter service.

MonitorWare / WinSyslog or EventReporter cannot dynamically read changed configurations. As
such,it needs to be restarted after such changes.