The opinion was that there may have been many events filtered out that we were missing, as we had a fairly old install with many exclusions.

What is the best way to approach a new install and get most of the critical alerts?

I've just re-installed in the hope that we can get EventSentry to a default state where we can decide which events we don't want as we get them. Possibly not the best approach, but this is what has been requested.

It seems to exclude events, and the requirement is that you add the filters as required?


  Hi Jason,

    The approach you are taking is, in my opinion, the correct approach. Windows does unfortunately log a lot of noise, but it's impossible to predict which critical events may be logged at some point in the future.

    As such, just setting up rules to include specific events will ultimately mean that you will miss critical events.

    EventSentry does include a set of default packages which include mostly exclude rules, to filter out very common noise. It's usually not necessary to disable/delete those packages; it's extremely unlikely that those rules would block critical alerts.

    So yes, you would just monitor the incoming alerts at this point and create exclusion rules on a case-by-case basis. If you are using Outlook then remember that you can select the individual event in Outlook, copy it to the clipboard, and then paste it into the filter dialog in the management console. I can provide details if necessary.

    Let me know if you need anything else.

  • Awesome. Thanks.
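To illustrate the point made in the reply above (include-only rules silently drop events nobody anticipated, while exclude rules only drop known noise), here is an added example that is not EventSentry's own code or rule format; the events, sources and rule sets are constructed for the demonstration.

```python
"""Include-only vs exclude-based filtering of Windows event log entries."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    source: str
    event_id: int
    level: str  # "Information", "Warning" or "Error"


# Constructed sample log entries (IDs chosen to look like common Windows events).
SAMPLE_EVENTS = [
    Event("Service Control Manager", 7036, "Information"),            # routine service state change
    Event("Microsoft-Windows-Security-Auditing", 4624, "Information"),  # successful logon, very noisy
    Event("Microsoft-Windows-Security-Auditing", 4625, "Warning"),     # failed logon
    Event("Disk", 7, "Error"),                                         # bad block on a device
    Event("Microsoft-Windows-Kernel-Power", 41, "Error"),              # unexpected reboot, not anticipated
]

# Exclude rules, as in the default packages: drop known noise, let everything else through.
EXCLUDE_RULES = {("Service Control Manager", 7036),
                 ("Microsoft-Windows-Security-Auditing", 4624)}

# Include-only rules, the approach the reply warns against: pass only what was foreseen.
INCLUDE_RULES = {("Microsoft-Windows-Security-Auditing", 4625), ("Disk", 7)}


def exclude_filter(events, rules=EXCLUDE_RULES):
    """Keep every event whose (source, id) is not explicitly excluded."""
    return [e for e in events if (e.source, e.event_id) not in rules]


def include_filter(events, rules=INCLUDE_RULES):
    """Keep only events whose (source, id) was explicitly included."""
    return [e for e in events if (e.source, e.event_id) in rules]


def missed_critical(events, level="Error"):
    """Critical events the exclude approach reports but the include-only approach drops."""
    kept_by_exclude = set(exclude_filter(events))
    kept_by_include = set(include_filter(events))
    return [e for e in events
            if e.level == level and e in kept_by_exclude and e not in kept_by_include]


def add_exclusion(rules, event):
    """Case-by-case tuning: return a new rule set that also excludes this event's (source, id)."""
    return set(rules) | {(event.source, event.event_id)}


if __name__ == "__main__":
    for e in missed_critical(SAMPLE_EVENTS):
        print("include-only filtering would have missed:", e)
```

Running it shows the Kernel-Power error passing the exclude filter but never reaching anyone under include-only rules; tuning then happens by calling `add_exclusion` for each noisy event as it arrives.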
