In event activity processing and monitoring, 'noise' refers to unwanted or repeated events.
Event activity monitoring is a continuous process. Computer systems tend to generate millions of events, most of which are noise or repeated events. This makes it more difficult to monitor the events that are really important and also fills the database with useless information.
Once you have identified the events you do not want EventsManager to store in the database, you can create a custom noise rule to discard these events before they are stored.
Create the custom noise rule
- Within the GFI EventsManager Management Console, click on the 'Configuration' button and select 'Event Processing Rules'
- Expand the node "Noise Reduction"
- Click on the 'Create new rule set...' link under the 'Common Tasks:' section and give it a name, for example 'Event XXX'
- To create the new rule click on the 'Create new rule...' link
- Specify a name for the new rule, such as 'noise caused by YYY', and enter a brief description. Click on the 'Next' button to proceed
- Select the type of event log(s) this rule applies to. Expand the Original option if you want more details. Click on the 'Next' button to continue
- Enter the filtering conditions that apply to this rule. In this example, Event ID XXX is entered.
- You have the option to set ID, Source, Category, User and Event Type.
- If you wish to perform advanced filters, click on the 'Advanced...' button and enter any additional filters by clicking on the 'Add...' button.
- Click on 'Next' to proceed through the wizard
- Define the occurrence (default: 'at any time of the day')
- Classify the event as 'Noise Event' and click 'Next'
- As the action to be taken, select 'ignore the event' and click 'Next'
- Click on 'Finish' to create the rule
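
Because a noise rule discards events before they are stored, it is worth checking what a candidate filter would drop before creating it. The following is an added example, not GFI code: it dry-runs two candidate filters over a constructed sample of events, using the wizard's filter fields (ID, Source, Category, User, Event Type). The field names, the all-fields-must-match semantics and the svc_backup account are assumptions made for illustration.

```python
from collections import Counter

SEC = "Microsoft-Windows-Security-Auditing"

def ev(event_id, source, category, user, event_type):
    """Build one constructed event with the fields the wizard can filter on."""
    return {"id": event_id, "source": source, "category": category,
            "user": user, "type": event_type}

# Constructed sample (not real log data); svc_backup is a hypothetical account.
SAMPLE_EVENTS = (
    [ev(4624, SEC, "Logon", "svc_backup", "Audit Success")] * 5
    + [ev(4624, SEC, "Logon", "Administrator", "Audit Success")] * 2
    + [ev(4625, SEC, "Logon", "Administrator", "Audit Failure")]
    + [ev(7036, "Service Control Manager", "None", "N/A", "Information")]
)

def matches(rule, event):
    """Assumed semantics: a rule matches when every field it sets is equal."""
    return all(event.get(field) == value for field, value in rule.items())

def dry_run(rule, events):
    """Return (discarded, kept, breakdown of discarded events per user/type)."""
    discarded = [e for e in events if matches(rule, e)]
    kept = [e for e in events if not matches(rule, e)]
    breakdown = Counter((e["user"], e["type"]) for e in discarded)
    return discarded, kept, breakdown

# Candidate rules: one filtered on Event ID only, one also filtered on User.
BROAD_RULE = {"id": 4624}
NARROW_RULE = {"id": 4624, "user": "svc_backup"}

if __name__ == "__main__":
    for name, rule in (("broad", BROAD_RULE), ("narrow", NARROW_RULE)):
        discarded, kept, breakdown = dry_run(rule, SAMPLE_EVENTS)
        print(f"{name}: discards {len(discarded)}, keeps {len(kept)}")
        for (user, event_type), count in breakdown.most_common():
            print(f"  {count:>3}  {user}  {event_type}")
```

In this sample the ID-only filter would also discard the Administrator logons, while adding the User condition limits the rule to the repeated service-account events.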