Using Filter Text to match specific events

Choosing events (Step 2 of 6)

First Step

To really get started we will first need to identify which event we would like to receive in our email action. We will start by looking at EventSentry's Service Monitoring which writes all status changes, regardless of the service or the type of status change, as ID 10100.

Negative status change of IIS - Running to Stopped

Positive status change of IIS - Stopped to Running

In this scenario filtering by the text in the message is crucial for us to filter out the events we would like to receive. Let's say you only want to receive an email when the W3SVC changes. First lets see what filters are currently matching this event.

Right click the event in the EventSentry Event Viewer to test the event in question.

Here is an example of the event information we can test. Feel free to change this information if you anticipate an event that is slightly varied.

Here we can see that this event is matching our Database Consolidation filter already. Since we want to receive an email when this event occurs we will have to create a filter to look for this event and forward it to our email action.