Introduction (Step 1 of 5)
Getting Started
Filter Timers give you the ability to ignore events if they are followed by a specific event within a certain time period. For example, you probably want to be notified when a server goes offline for more than 5 minutes, but it might be OK if the server comes back online after 2 minutes.
Another example where a filter timer would be useful is for service status changes.
The NAVENG service changes its status from running to stopped at 2:07:43 PM due to an anti-virus definition or engine update. Please note that you will need to monitor services with EventSentry in order for the following events to be logged to the event log.
After 20 seconds, the service is running again:
In this case we really don’t need to be notified when this occurs, but we would like to know if the Anti-Virus goes down completely. Since the service resart above took only 20 seconds, we assume at this point that it is OK if the NAVENG service is stopped for less than 1 minute. If the service is stopped for more than 1 minute however we need to be notified.
This is where EventSentry’s Filter Timer comes to the rescue.
The Filter Timer works by setting up at least two filters: One to send the alert and another one to (optionally) clear it. You can either create a new filter package for a filter timer or add the filter timers to an existing package (e.g. in its own folder). For this example we will create a new package appropiately named Filter Timer.
