Filters are always grouped into one or more event log packages, and are often organized and assigned in one of three ways:
•filters apply to all hosts network-wide, and are assigned globally
•filters apply to a select number of hosts which share common properties - the package is applied to a group or select number of hosts
•filters apply to a single host only, package is applied only to one host
While creating an event log package designated for a single host can make sense, we recommend organizing filters with folders whenever there are some commonalities among more than one host.
For example, when managing filters for 5 servers, all of which require a small number of customer rules, it can be helpful to create folders based on the host names. But of course other naming schemes can work equally well - as long as they make sense to you and your team.
To make sure that a filter inside the package only applies to a select number of computers, specify the computer name in the "Computer" field of the filter. The "Computer" field supports multiple host names separated by a comma as well as wild card characters.
|
|
In the example above, the filters are grouped into folders, whereas each computer (or multiple computers in the case of SRV-FILE-*) has its own folder. The filter itself is always associated with one or more computers.
You can assign this package then either to the computers in question, or make the package global. Making this package global is possible since the filters only apply to computers whose name matches the "Computer" field in the filter.
