Off-Peak Consolidation over WAN

If the servers or workstations you are monitoring are located across a WAN, you can schedule event log consolidation for non-business (off-peak) hours. This significantly reduces bandwidth consumption during business hours.

This is done by setting a summary notification on the filter(s) that are used to forward events to a database. Because you can assign different packages to different servers/groups, machines located in the same LAN as the database server can write events to the database immediately, while remote machines across a WAN are scheduled for off-peak hours.

1. Creating a new group

If only some of your monitored machines are located across a WAN, then it is recommended that you create a new group for those machines, if you haven't done that already. Right-click the "Computer Groups" container and select "Add Group". Assign a descriptive name to the group.

2. Creating a new filter package

Right-click the "Filter Packages" container and select "Add Package". Assign a descriptive name to the package (e.g. "Database Consolidation over WAN"). You can skip this step if you already have a filter package that is only used by servers across the WAN.

3. Creating a summary notification filter

Add a new include filter to the package and configure it to forward the desired types of events to the database notification, for example all Information, Warning, Error and Audit Failure events. However, unlike a regular filter, we will assign a summary notification to this filter so that events are queued and not sent immediately during business hours.

To assign a summary notification, click the Hour/Day tab of the newly created filter and make sure that all the hours during which you want to queue events are raised. Every push button represents one hour of the day, and in the example below we will queue events from 7AM to 7PM, whereas events between 7PM and 7AM will be sent to the database immediately:

[Screenshot: filter_summary]

Summary notifications are quite flexible and can also be used to receive a daily email report from a server for example. For more information on summary notifications see the manual.
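
To see what the 7AM to 7PM mask from step 3 means for when events reach the database, the following is an added sketch in Python, not code from the product or its manual. It assumes that queued events are released at the start of the first hour whose button is not raised, and it models only the hour of day, not the day of week; the function names and the sample events are constructed for illustration.

```python
from datetime import datetime, timedelta

# Hour mask from the page's example: hours 7..18 are raised (queue),
# i.e. 7AM up to 7PM; every other hour forwards immediately.
QUEUE_HOURS = frozenset(range(7, 19))


def release_time(ts, queue_hours=QUEUE_HOURS):
    """Return when an event logged at ts would be sent to the database.

    Assumption (not stated on the page): queued events are released at the
    start of the first hour whose button is not raised.
    """
    if ts.hour not in queue_hours:
        return ts  # off-peak: forwarded immediately
    if len(queue_hours) >= 24:
        raise ValueError("every hour is queued; events would never be released")
    t = ts.replace(minute=0, second=0, microsecond=0)
    while t.hour in queue_hours:  # walks past midnight if the mask wraps
        t += timedelta(hours=1)
    return t


def consolidation_report(events, queue_hours=QUEUE_HOURS):
    """Summarise delay and deferred WAN bytes for (timestamp, size) events."""
    delays = [release_time(ts, queue_hours) - ts for ts, _ in events]
    return {
        "queued": sum(1 for d in delays if d > timedelta(0)),
        "immediate": sum(1 for d in delays if d == timedelta(0)),
        "max_delay": max(delays),
        "bytes_moved_off_peak": sum(
            size for ts, size in events if ts.hour in queue_hours
        ),
    }


# Constructed sample events: (time logged on the remote host, size in bytes)
SAMPLE = [
    (datetime(2024, 3, 4, 6, 59, 30), 512),   # before 7AM: immediate
    (datetime(2024, 3, 4, 7, 0, 5), 800),     # just after queueing starts
    (datetime(2024, 3, 4, 13, 15, 0), 1024),  # midday
    (datetime(2024, 3, 4, 18, 59, 59), 640),  # last queued second
    (datetime(2024, 3, 4, 19, 0, 0), 300),    # 7PM: immediate again
    (datetime(2024, 3, 4, 23, 45, 0), 256),   # night: immediate
]

if __name__ == "__main__":
    for key, value in consolidation_report(SAMPLE).items():
        print(f"{key}: {value}")
```

Under that assumption, an event logged just after 7AM is not visible in the database until 7PM, so the bandwidth saved during business hours is paid for with up to 12 hours of delay on events such as Audit Failures from the remote machines.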