This article describes a workaround to avoid archiving unnecessary events.
In event activity processing and monitoring, noise refers to unwanted or repeated events.
Event activity monitoring is a continuous process. Computer systems tend to generate millions of events, most of which are noise or repeated events. This makes it more difficult to monitor the events that are really important and also fills the database with useless information.
Once you have identified the events that you do not want EventsManager to store in the database, you can create a custom noise rule to discard these events before they are stored.
Creating the Custom Noise Rule
- In the GFI EventsManagement Console, click on the Configuration button and select Event Processing Rules.
- Expand the node 'Noise Reduction'.
- Click on the 'Create new rule set' link in the Common Tasks section and give it a name (e.g. 'Event XXX').
- To create the new rule, click on the 'Create new rule' link.
- Specify a name for the new rule such as 'noise caused by YYY' and enter a brief description. Click on the Next button to proceed.
- Select the type of event log(s) to which this rule applies. Expand the Original option if you want more details. Click on the Next button to continue.
- Enter the filtering conditions that apply to this rule. In this example, Event ID XXX is entered.
- You can filter on ID, Source, Category, User and Event Type.
- If you wish to use advanced filters, click on the Advanced button and enter any additional filters by clicking on the Add button.
- Click on Next to proceed through the wizard.
- Define the occurrence (default: 'any time of the day').
- Classify the event as 'Noise Event'. Click Next.
- For the action to be taken, select 'Ignore the event' and click Next.
- Click Finish to create the rule.
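
An added example, not GFI code and not part of the original article: a dry run of a candidate noise rule over exported events, showing which sources a filter on ID alone would silence compared with a filter on ID plus Source. The event data, field names and function names are constructed for illustration and are not the EventsManager rule format.

```python
from collections import Counter

# Constructed sample events, not real log data. Field names mirror the filter
# options the wizard offers (ID, Source, Category, User, Event Type); the
# source names and IDs are made up for illustration.
EVENTS = (
    [{"id": 100, "source": "BackupAgent", "category": "None",
      "user": "SYSTEM", "type": "Information"}] * 6
    + [{"id": 100, "source": "PaymentService", "category": "None",
        "user": "svc-pay", "type": "Error"}] * 2
    + [{"id": 205, "source": "BackupAgent", "category": "None",
        "user": "SYSTEM", "type": "Warning"}]
)

def noise_candidates(events, min_count):
    """Rank (source, id) pairs that occur at least min_count times."""
    counts = Counter((e["source"], e["id"]) for e in events)
    return [(key, n) for key, n in counts.most_common() if n >= min_count]

def matches(rule, event):
    """A rule maps field -> required value; fields left out match anything."""
    return all(str(event.get(f, "")).lower() == str(v).lower()
               for f, v in rule.items())

def dry_run(rule, events):
    """Split events into (would be ignored, would still be stored)."""
    ignored = [e for e in events if matches(rule, e)]
    stored = [e for e in events if not matches(rule, e)]
    return ignored, stored

def ignored_by_source(rule, events):
    """Show which sources a rule would silence, to catch over-broad filters."""
    ignored, _ = dry_run(rule, events)
    return dict(Counter(e["source"] for e in ignored))

if __name__ == "__main__":
    print("candidates:", noise_candidates(EVENTS, min_count=5))
    broad = {"id": 100}                             # filter on ID only
    narrow = {"id": 100, "source": "BackupAgent"}   # filter on ID plus Source
    print("ID only       ->", ignored_by_source(broad, EVENTS))
    print("ID and Source ->", ignored_by_source(narrow, EVENTS))
```

Event IDs are only meaningful together with their source, so the ID-only rule here also discards the constructed PaymentService errors that share ID 100.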