Overview
This article provides a step-by-step process on ignoring events generated by GFI EventsManager.
Process
GFI EventsManager may generate some events when it is collecting the logging from the machines on the network. You can configure GFI EventsManager to ignore the events which are generated when collecting events as follows:
Configuring GFI EventsManager to use a dedicated account
The first thing to do is to configure a dedicated account for GFI EventsManager. The user account should be created in Active Directory and it is preferable that this user account is part of the Administrator's group. For the rest of the article, we will refer to this user as COMPANY\EventsManagerAccount. Use this procedure to configure GFI EventsManager to start using this login account:
- From Administrator Tools, open the Services pane.
- Open the properties of the GFI EventsManager service.
- In the Log On tab, configure the credentials of the new user (COMPANY\EventsManagerAccount).
Configuring GFI EventsManager to ignore the events generated by the user
The second thing you need to do is to configure GFI EventsManager to classify the events generated by this particular user as noise. It is therefore important that this user is not used for any other purposes. This can be achieved as follows:
- Open GFI EventsManager Management Console.
- Go to Configuration > Event Processing Rules.
- Expand the 'Noise reduction' node.
- Right-click on 'User-based noise' and choose 'Create new rule'.
- Proceed through the wizard.
- In the Conditions screen of the wizard, set the User field to GFI EventsManager Service account.
- Leave the Event ID fields empty.
- In the 'Select Event occurrence and importance' tab, set the classification of the rule as 'Noise' event.
- In the 'Actions' page, configure GFI EventManager to use the 'Default Classification Actions' for this rule.
NOTE: You can also configure EventsManager to ignore specific events generated by a particular user for a particular rule. This can be achieved by creating event processing rules similar to the one above but you have to specify the Event IDs that you need to ignore.