Event Filters


Real-time event monitoring is an important feature of most remote device management applications. It may be used for monitoring security systems or medical applications, for inspection of IT equipment failures, etc. Devices usually generate many different events, and when you're running a system that contains many Devices, your AggreGate Server will receive many events that aren't very important and some that might be critical. A human operator does not need to monitor every event, but some events may require attention. To filter out the less significant events and concentrate on the more important ones, use Event Filters. Filters also help monitor different system events, such as Scheduled Job execution, Alert escalation, etc.

An Event Filter is used to hide non-significant events and highlight the most important ones. It is a set of rules instructing the Event Log component in AggreGate Server User Interface (e.g. Event Log in AggreGate Client) to adjust the visualization of incoming events for the needs of the user's business role.

Note: Every user has his own set of event filters.

Working With Event Filters

To start using an event filter, the user must activate it by selecting it from the Filters drop-down list in the Event Log component. This is what filter selection looks like in the AggreGate Client Event Log:

[Screenshot: filter selection in the AggreGate Client Event Log]

The Event Log component has two sections:

Real-time Events, shows events as they are fired
Event History, for past events

Filters may be selected separately for each section. If a filter is selected in the Real-time Events section, the Event Log starts listening for all categories of events listed in the Filter Rules table. When a filter is selected in the Event History section, AggreGate Server loads all events satisfying the Filter Rules list (see below) from the database and shows the first few rows, allowing the user to scroll through the whole list and sort it.

The most important property of an event filter is Filter Rules, which defines which events to show. During filter activation, every Enabled record in the Filter Rules table is processed, and events satisfying the following conditions are shown in the Event Log:

The context in which the event fired must match the Context Mask
If Event Name is not equal to "*" (All Events), the event's name must be equal to the Event Name field
The event's level must be greater than or equal to the severity level specified by the Level field
The event must satisfy the Filter Expression

The Context Mask, Event Name, Level and Filter Expression fields are described below. Each filter record may also define a highlighting color that is used to highlight events of this category in the Event Log.

Note: The highlighting color defined in a Filter Rules record may be overridden by Custom Highlighting rules.
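The following sketch models the rule evaluation described above so that a filter can be checked against sample events before an operator relies on it. It is an added example, not AggreGate code: the Rule class, the dot-separated mask syntax where "*" matches one path segment, the Python predicate standing in for a Filter Expression, the first-matching-rule color choice, and all sample rules and events are assumptions.

```python
from dataclasses import dataclass
from typing import Callable

# Level order follows the Event Level table on this page.
LEVELS = {"None": 0, "Notice": 1, "Info": 2, "Warning": 3, "Error": 4, "Fatal": 5}

@dataclass
class Rule:  # hypothetical model of one Filter Rules record
    context_mask: str
    event_name: str = "*"                                    # "*" = All Events
    level: str = "None"
    expression: Callable[[dict], bool] = lambda data: True   # stand-in for a Filter Expression
    enabled: bool = True
    color: str = ""

def mask_matches(mask, context):
    # Assumption: dot-separated paths, "*" stands for exactly one segment.
    m, c = mask.split("."), context.split(".")
    return len(m) == len(c) and all(a == "*" or a == b for a, b in zip(m, c))

def first_match(rules, event):
    """Return the first Enabled rule whose four conditions all hold, else None."""
    for r in rules:
        if not r.enabled:
            continue
        if (mask_matches(r.context_mask, event["context"])
                and r.event_name in ("*", event["name"])
                and LEVELS[event["level"]] >= LEVELS[r.level]
                and r.expression(event["data"])):
            return r
    return None

def visible(rules, events):
    # (event name, highlighting color) for every event the filter would show
    matched = [(e, first_match(rules, e)) for e in events]
    return [(e["name"], r.color) for e, r in matched if r is not None]

# Constructed sample rules and events (not taken from a real server).
RULES = [
    Rule("users.*.devices.*", "*", "Error", color="red"),
    Rule("users.*", "login", "Info", lambda d: d.get("username") == "admin", color="yellow"),
    Rule("users.*.devices.*", "*", "None", enabled=False),   # disabled: never evaluated
]
EVENTS = [
    {"context": "users.admin.devices.ups1", "name": "batteryLow", "level": "Fatal", "data": {}},
    {"context": "users.admin.devices.ups1", "name": "heartbeat", "level": "Info", "data": {}},
    {"context": "users.admin", "name": "login", "level": "Info", "data": {"username": "admin"}},
    {"context": "users.operator", "name": "login", "level": "Info", "data": {"username": "operator"}},
]
```

Calling visible(RULES, EVENTS) keeps the Fatal device event and the admin login; the Info-level heartbeat and the operator login are hidden because no Enabled rule accepts them.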

By default, the following columns are visible in the Event Log:

Server Timestamp. Date and time when this event was registered by AggreGate Server. This column cannot be hidden.
Context. Description and/or path of the context where the event occurred. This column shows descriptions of contexts by default. Context paths are shown only if the Show context paths along with their descriptions setting is enabled in Filter Info. This column may be hidden by disabling the Context Name setting in Primary Visible Fields.
Event. Event name and/or description. This column shows event descriptions by default. Event names are shown only if the Show event names along with their descriptions setting is enabled in Filter Info. This column may be hidden by disabling the Event Name setting in Primary Visible Fields.
Level. Event level. This column may be hidden by disabling the Event Level setting in Primary Visible Fields.
Data. String representation of the Data Table associated with event. This column may show field names and values or values only, depending on the Show field names setting in Filter Info. It may be hidden by disabling the Event Data setting in Primary Visible Fields.
Acknowledgement. Event acknowledgement. This column may be hidden by disabling the Acknowledgement setting in Primary Visible Fields.

Event Level column uses a set of icons to indicate level of events:

Icon          Event Level
el_level_0    None (event level not defined)
el_level_1    Notice
el_level_2    Info
el_level_3    Warning
el_level_4    Error
el_level_5    Fatal

Tip: See the Event Log article in the AggreGate Client manual for more information about event monitoring.

Administering Event Filters

Two contexts are used to administer event filters: One is the general Event Filters context, which serves as a container. The other is the Event Filter context, which holds the information for a single filter.


Event Filter Structure

Each event filter has several properties:

Filter Info. The name and description of the filter, and some other basic settings
Filter Rules. A list of events (or rather, event types, for we're not talking about specific event instances here) that are shown in the Event Log when the filter is active
Primary Visible Fields. The visible properties of events shown when the filter is active
Additional Visible Fields. These are additional fields, containing event-specific data. You can use this property to control which of these "additional" fields you see in the Event History for this event. For example, the login event has a username field, indicating what user logged in. This field is used only for the login event -- there's no use for it in an alert event, for example. So it's contained within the Data Table for the login event (and there's no such field in the Data Table for the alert event). The contents of this property depend on the event types that were selected in Filter Rules.
Custom Highlighting. Rules for assigning different colors to events when they're shown in the Event Log.

The Filter Rules property defines which events are shown when the event filter is active, while Filter Info, Primary Visible Fields and Additional Visible Fields describe which parameters and fields are shown for every event. More information about filter properties can be found here.

Filter Expressions

Filter expressions are used to fine-tune filtering and color-coding rules. See Filter Expressions for more information.

Event Highlighting

Events shown in the Event Log can be color-coded according to different rules. See Event Highlighting for more information.

Parameterized Filters

Some filters may require system operators to adjust filtering parameters upon filter activation or reactivation. Such filters are called parameterized filters. See Parameterized Filters for details.