About events processing rules
Events processing rules are checks that are run against event logs when they are collected. Based on the conditions configured in a rule, events processing rules help you:
- Classify processed events - assign a severity rating to collected logs. This enables you to trigger actions or notifications when a log of a certain severity is processed. By default, events are classified using five main ratings; more ratings can be added
- Filter out noise (repeated events) or unwanted events - remove duplicate logs or logs that are not important for you and archive important event data only. This reduces database growth and saves storage space
- Trigger Email, SMS and Network alerts on key events - send notifications to configured recipients upon detection of certain events. You can configure an event processing rule to send notifications to recipients when the rule conditions are met. Network alerts are network messages (known as Netsend messages) which inform recipients that a particular event has occurred. These messages are sent through an instant messenger system/protocol and are shown as a popup in the system tray of the recipient's desktop. To set up network alerts, you must specify the name or IP of the computers to which the Netsend messages will be sent
- Attempt remedial actions - run executable files, commands and scripts upon detection of specific events. This enables you to automatically perform remedial actions to mitigate or completely eliminate a detected problem
- Filter events that match specific criteria - remove event logs that are not important for you. For example, you can run a rule which filters out low severity or duplicate events
- Archive filtered events - event archiving is based on the severity of the event and on the configuration settings of the event processing rules. An archive is a collection of events stored in the SQL Server based database backend of GFI EventsManager. For example, you can configure GFI EventsManager to archive only events that are classified as critical or high in severity and discard all the rest.
The flowchart below illustrates the event processing stages performed by GFI EventsManager:
Event classification
Event classification (the categorization of events as Critical, High, Medium, Low or Noise) is based on the configuration of the rules that are executed against the collected logs. Events that don't satisfy any event classification conditions are tagged as unclassified. Unclassified events (events that did not satisfy any of the conditions configured in the event processing rules) may also be used to trigger the same alerts and actions available for classified events.
GFI EventsManager classifies events in the standard importance levels Critical, High, Medium, Low and Noise (unwanted or repeated log entries which report the same event).
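The Python below is an added illustration of the processing stages described on this page (classify by rule, tag repeats as noise, raise alerts, record remedial actions, archive by severity). It is not GFI EventsManager code and does not use its rule format; the `Rule` class, the field names, the archive policy and the sample Windows-style events are all constructed for this example.

```python
"""Toy model of rule-based event processing: classify, de-duplicate, alert, archive.

Added illustration only; not GFI EventsManager code. Rule format, field names
and sample events are constructed for this example.
"""
from collections import Counter
from dataclasses import dataclass
from typing import Optional

# Severity ratings named on the page, most to least important.
SEVERITIES = ("critical", "high", "medium", "low", "noise")


@dataclass(frozen=True)
class Rule:
    name: str
    severity: str
    match: dict                   # field -> required value; every pair must match
    alert: bool = False           # notify recipients when the rule fires
    action: Optional[str] = None  # remedial command to run (recorded here, not executed)


def matches(rule: Rule, event: dict) -> bool:
    """A rule fires when every condition in its match dict holds for the event."""
    return all(event.get(key) == value for key, value in rule.match.items())


def classify(event: dict, rules: list) -> tuple:
    """Return (severity, rule_name); the first matching rule wins.
    Events that satisfy no rule are tagged 'unclassified', as the page describes."""
    for rule in rules:
        if matches(rule, event):
            return rule.severity, rule.name
    return "unclassified", None


def fingerprint(event: dict) -> tuple:
    """Fields that make two log entries 'the same event' for noise detection."""
    return (event["source"], event["event_id"], event["host"], event["message"])


def process(events: list, rules: list, archive_levels: set) -> dict:
    """Run the rule set over a batch of events and return what each stage produced."""
    seen = set()
    result = {"archived": [], "alerts": [], "actions": [], "counts": Counter()}
    by_name = {rule.name: rule for rule in rules}
    for event in events:
        fp = fingerprint(event)
        if fp in seen:
            # Repeated entry reporting the same event: classified as noise.
            severity, rule_name = "noise", "duplicate"
        else:
            seen.add(fp)
            severity, rule_name = classify(event, rules)
        result["counts"][severity] += 1
        rule = by_name.get(rule_name)
        if rule and rule.alert:
            result["alerts"].append((rule.name, event["host"]))
        if rule and rule.action:
            result["actions"].append((rule.action, event["host"]))
        # Archive policy: keep only the severities the operator asked for.
        if severity in archive_levels:
            result["archived"].append({**event, "severity": severity, "rule": rule_name})
    return result


# Constructed rule set (hypothetical names and actions).
RULES = [
    Rule("Audit log cleared", "critical", {"source": "Security", "event_id": 1102},
         alert=True, action="collect-host-snapshot"),  # placeholder command name
    Rule("Account created", "high", {"source": "Security", "event_id": 4720}, alert=True),
    Rule("Failed logon", "medium", {"source": "Security", "event_id": 4625}),
    Rule("Service state change", "low", {"source": "System", "event_id": 7036}),
]

# Constructed sample events (not real log data).
SAMPLE_EVENTS = [
    {"source": "Security", "event_id": 4625, "host": "WS01", "message": "Logon failed for alice"},
    {"source": "Security", "event_id": 4625, "host": "WS01", "message": "Logon failed for alice"},
    {"source": "Security", "event_id": 4720, "host": "DC01", "message": "Account svc-backup created"},
    {"source": "System", "event_id": 7036, "host": "WS01", "message": "Spooler entered running state"},
    {"source": "Security", "event_id": 1102, "host": "DC01", "message": "Audit log was cleared"},
    {"source": "Application", "event_id": 1000, "host": "WS01", "message": "App crash"},
]

if __name__ == "__main__":
    summary = process(SAMPLE_EVENTS, RULES, archive_levels={"critical", "high"})
    print("counts:", dict(summary["counts"]))
    print("archived:", [e["rule"] for e in summary["archived"]])
    print("alerts:", summary["alerts"])
    print("actions:", summary["actions"])
```

With the archive policy set to critical and high only, the duplicate failed logon is counted as noise, the Application event lands in the unclassified bucket, and only the audit-log-cleared and account-created events are archived, each of which also raises an alert. A production engine would scope duplicate detection to a time window and, as the page notes, could be configured to alert on unclassified events as well.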