    Filter Management Overview

    Filters are used to search logs and view information about filter conditions, time, or fields in the logs. You can configure basic and advanced filters to match the filtering conditions. You can either load existing filters or define new filters.

    A filter allows you to enter specific information that must be displayed on the Event Viewer page, for example, the columns in the Event Viewer table, the type of graph, the time period, and the aggregation point. When you change an existing filter or create a new filter, the Event Viewer table and event graph are updated automatically. If a filter contains time details, the time control in the Event Viewer is updated with the time specified in the filter.

    Filters provide:

    • Quick access to critical information—If you are a firewall administrator, you might have to regularly deny traffic from a specific application or a specific set of addresses. You might also have to allow or deny specific application access to some users. To achieve this, you must have user search criteria, scan through the firewall logs that match those criteria, and display the matching logs.
    • Filter sharing among users—Other users in your domain can use the filters you create without modifying or deleting the filters.
    • Filter usage across multiple functional areas—Filters can be used across multiple functional areas such as the event viewer, dashboard monitor, alerts, and reports.

    Understanding Role-Based Access Control for Filter Management

    Role-based access control (RBAC) has the following impact on filter management:

    • You cannot view filters that are created in other domains.
    • When you create or edit a filter, you must use devices in the same domain. If a filter contains devices from different domains, logs are not displayed even if they match the filter condition.
    • You can create or edit a filter only if you have create and edit permissions.

    You must have the following permissions under Role Based Access Controls > Roles:

    • Event Viewer to view Event Viewer.
    • CreateFilter to create filters.
    • ModifyFilter to modify filters.
    • DeleteFilter to delete filters.

    Published: 2014-04-30