Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?


Using Filters

Filters are used to search logs and view information about filter condition, time, or fields in the logs. You can configure basic and advanced filters to match the filtering conditions. You can either load existing filters or define a new filter. A filter allows you to enter specific information that must be displayed on the Event Viewer page; for example, the columns in the Event Viewer table, the type of graph, the time period, and the aggregation point. When you change an existing filter or create a new filter, the Event Viewer table and event graph are updated automatically. If filters contain time details, the time control in Event Viewer is updated with the time specified in the filter.

You can edit, save, delete, or search filters on the Event Viewer page. To open the filter options, select Monitor > Events & Logs. Click the filter icon, and select Show Saved Filters.

Editing Event Viewer Filters

To edit an Event Viewer filter:

  1. Select a filter.

    The filter details are displayed in the filter bar.

  2. Edit the filter string.
  3. Click Save.

    The filter is saved and the database is updated.

Viewing Saved Filters

You can filter the results to display only event logs matching certain criteria.

  1. Select Monitor > Events & Logs
  2. Click the filter icon and select Show Saved Filters to view the saved filters.

The following are the default filters that are available:

  • Top Web Apps

  • Top Applications Blocked

  • Top URL’s Detected

  • Top URL’s Blocked

  • Top Viruses Detected

  • Top Spam Sources

  • Top Services Blocked

  • Top Unidentified Applications

  • Top Screen Attackers

  • Top Screen Victims

  • Top Screen Hits

  • Top Firewall Deny Sources

  • Top Firewall Deny Destinations

  • Top Firewall Service Deny

  • Top Firewall Events

  • Top FW Denies

  • Top IPS Attack Detected

  • Top IPS Attack Blocked

  • Top IPS Attacks by Severity

  • Top IPS Attack Sources

  • Top IPS Attack Destinations

  • Top IPS Events

  • Top Webfiltering URLs Detected

  • Top Source IPs

  • Top Destination IPs

Deleting Event Viewer Filters

To delete an Event Viewer filter:

  1. Select Monitor > Events & Logs and click the filter icon and select Show Saved Filters.

    The View/Load Filters window appears.

  2. Select the filter
  3. On the top right corner of the window, click the delete button (X).

    The delete confirmation window displays the message. Do you want to delete the selected filter?

  4. Click Yes to confirm the deletion.

    The selected filter is deleted.