A Minimal Configuration
The most basic EventSentry configuration must include the following:
• One Event Log Package
• One Installed Agent
• One Management Console
Do-It: Creating A Minimal Configuration
If you specify the SMTP configuration during the setup procedure, then the EventSentry installer will automatically create a default configuration consisting of:
• One group (Default Group)
• Example event log, log file, system health and compliance tracking packages
• One action (Default Email)
Once you have completed the configuration of EventSentry, you can either click the save button in the toolbar or select "Save" from the "File" menu. Remember that configuration changes will not become effective until you save the configuration.
How do Filters and Actions work?
Filters and event log packages are the core components of EventSentry and determine which events are processed. When EventSentry receives notification of a new event, it processes the event according to the configured filters and actions (continued from figure 1):
For every event written to any of the monitored event logs, the agent processes all filters of all assigned packages. If the agent finds a match, then the event will be forwarded to the configured notifications. If it does not, then the agent simply ignores/drops the event log record. In the example above, the event record is not matched by any of the exclude filters, but matches the Email Critical Events filter and is forwarded to an email notification.
You have full control over the configuration of the agent because the configuration is not permanently saved until you click the save button or choose the "Save" option from the "File" menu. Also, EventSentry does not automatically update the configuration of the remote agents; instead, you use the Remote Update feature to send the configuration and configuration changes to the agents on your network.
The EventSentry configuration is stored in the registry under the key HKEY_LOCAL_MACHINE\Software\netikus.net\EventSentry. Whereas the management application reads and writes the configuration to and from the registry, the agent mostly only reads the configuration from the registry.
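Because the agent takes its filters and actions from this registry key, anyone who can write to the key can change which events are forwarded or dropped. The following PowerShell audit is an added example, not part of EventSentry or its documentation: it lists every identity outside an assumed baseline that holds write access to the key or its subkeys. The function name and the list of trusted principals are assumptions to adjust for your environment.

```powershell
# Added example: audit write access to the EventSentry configuration key.
# Key path is the one given in the documentation above.
$keyPath = 'HKLM:\Software\netikus.net\EventSentry'

# Principals expected to hold write access (assumed baseline, adjust as needed).
$trusted = @(
    'NT AUTHORITY\SYSTEM',
    'BUILTIN\Administrators',
    'NT SERVICE\TrustedInstaller',
    'CREATOR OWNER'
)

# Rights that allow changing or replacing the stored configuration, plus the
# GENERIC_ALL (0x10000000) and GENERIC_WRITE (0x40000000) bits that can appear
# in inherit-only entries.
$writeMask = [int][System.Security.AccessControl.RegistryRights]'SetValue, CreateSubKey, Delete, ChangePermissions, TakeOwnership' -bor
             0x10000000 -bor 0x40000000

# Hypothetical helper name; returns one object per unexpected writable entry.
function Get-UnexpectedRegistryWriter {
    param(
        [Parameter(Mandatory)][string]$Path,
        [string[]]$Trusted = @()
    )
    if (-not (Test-Path -LiteralPath $Path)) {
        Write-Warning "Key not found: $Path"
        return
    }
    # Check the key itself and every subkey, since permissions can differ per subkey.
    $keys = @(Get-Item -LiteralPath $Path) +
            @(Get-ChildItem -LiteralPath $Path -Recurse -ErrorAction SilentlyContinue)
    foreach ($key in $keys) {
        foreach ($rule in (Get-Acl -LiteralPath $key.PSPath).Access) {
            $isAllow  = $rule.AccessControlType -eq 'Allow'
            $canWrite = ([int]$rule.RegistryRights -band $writeMask) -ne 0
            if ($isAllow -and $canWrite -and ($Trusted -notcontains $rule.IdentityReference.Value)) {
                [pscustomobject]@{
                    Key       = $key.Name
                    Identity  = $rule.IdentityReference.Value
                    Rights    = $rule.RegistryRights
                    Inherited = $rule.IsInherited
                }
            }
        }
    }
}

Get-UnexpectedRegistryWriter -Path $keyPath -Trusted $trusted | Format-Table -AutoSize
```

An empty result means only the baseline principals can modify the configuration; any row returned is an account or group whose write access to the key should be justified or removed.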