The goal of this example is to log all event log entries to an ODBC action and, in addition, be notified of important events through a SMTP action. We will also exclude unnecessary events from being sent through the SMTP action.
1. Add an ODBC Action
All filters that are going to use this action will log event log entries to the ODBC DSN SQLServer to the table EventSentry.
2. Add an SMTP Action
All filters that are going to use this action will send event log entries through the mailserver mail.netikus.net sent from email@example.com to firstname.lastname@example.org.
The action list should then look like this:
3. Add an Include Filter for the ODBC Action
This filter will log all event log messages from the Application, Security and System event log to the target ODBC Action.
4. Add an Include Filter for the SMTP Action
This filter will log Warning, Error and Audit Failure event log messages from the Application, Security and System event log to the target SMTP Action.
5. Add an Exclude Filter for the SMTP Action
This exclude filter will exclude all event log entries from the RemoteAccess source - but only for the SMTP Action. The ODBC Action will still receive those events.
After installing the three filters above the Installed Filters list should look like this: