This article describes a workaround to avoid archiving unnecessary events.
In event activity processing and monitoring, noise refers to unwanted or repeated events.
Event activity monitoring is a continuous process. Computer systems tend to generate millions of events, most of which are noise or repeated events. This makes it more difficult to monitor the events that are really important, and it fills the database with useless information.
Creating the Custom Noise Rule
- In the GFI EventsManagement Console, click on the Configuration button and select Event Processing Rules.
- Expand the node 'Noise Reduction'.
- Click on the 'Create new rule set' link in the Common Tasks section and give it a name (e.g. 'Event XXX').
- To create the new rule, click on the 'Create new rule' link.
- Specify a name for the new rule such as 'noise caused by YYY' and enter a brief description. Click on the Next button to proceed.
- Select the type of event log(s) that this rule applies to. Expand the Original option if you want more details. Click on the Next button to continue.
- Enter the filtering conditions that apply to this rule. In this example, Event ID XXX is entered.
- You have an option to set ID, Source, Category, User and Event Type.
- If you wish to use advanced filters, click on the Advanced button and enter any additional filters by clicking on the Add button.
- Click on Next to proceed through the wizard.
- Define the occurrence (default: 'any time of the day').
- Classify the event as 'Noise Event'. Click Next.
- For the action to be taken, select 'Ignore the event' and click Next.
- Click Finish to create the rule.
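Because an ignored event is not archived, it helps to check what a candidate filter would discard before creating the rule. The following is an added example, not GFI code: it models a rule over the ID, Source, Category, User and Event Type conditions listed above, assuming every condition that is set must match exactly, and runs it against constructed sample events to show that an ID-only filter also discards events from other sources that reuse the same ID.

```python
from collections import Counter
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Event:
    event_id: int
    source: str
    category: str
    user: str
    event_type: str

@dataclass(frozen=True)
class NoiseRule:
    """Hypothetical model of a noise rule: each condition that is set must match (AND)."""
    event_id: Optional[int] = None
    source: Optional[str] = None
    category: Optional[str] = None
    user: Optional[str] = None
    event_type: Optional[str] = None

    def matches(self, ev: Event) -> bool:
        wanted = (self.event_id, self.source, self.category, self.user, self.event_type)
        actual = (ev.event_id, ev.source, ev.category, ev.user, ev.event_type)
        return all(w is None or w == a for w, a in zip(wanted, actual))

def dry_run(rule, events):
    """Return (events kept, Counter of (source, event_type) the rule would ignore)."""
    dropped = Counter((e.source, e.event_type) for e in events if rule.matches(e))
    kept = [e for e in events if not rule.matches(e)]
    return kept, dropped

# Constructed sample: one chatty source plus a different source reusing the same ID.
SAMPLE = (
    [Event(7036, "Service Control Manager", "None", "N/A", "Information")] * 40
    + [Event(7036, "BackupAgent", "None", "svc_backup", "Error")] * 2
    + [Event(4625, "Microsoft-Windows-Security-Auditing", "Logon", "N/A", "Failure Audit")] * 3
)

ID_ONLY = NoiseRule(event_id=7036)
ID_SOURCE_TYPE = NoiseRule(event_id=7036, source="Service Control Manager",
                           event_type="Information")

if __name__ == "__main__":
    for name, rule in (("ID only", ID_ONLY), ("ID + Source + Type", ID_SOURCE_TYPE)):
        kept, dropped = dry_run(rule, SAMPLE)
        print(f"{name}: keeps {len(kept)} events, would ignore {dict(dropped)}")
```

Any source other than the intended one appearing in the "would ignore" counts is a sign that Source or Event Type should be set in the rule as well as the ID.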