Using Filters
Filters are used to search logs and view information about filter condition, time, or fields in the logs. You can configure basic and advanced filters to match the filtering conditions. You can either load existing filters or define a new filter. A filter allows you to enter specific information that must be displayed on the Event Viewer page; for example, the columns in the Event Viewer table, the type of graph, the time period, and the aggregation point. When you change an existing filter or create a new filter, the Event Viewer table and event graph are updated automatically. If filters contain time details, the time control in Event Viewer is updated with the time specified in the filter.
You can edit, save, delete, or search filters on the Event Viewer page. To open the filter options, select Monitor > Events & Logs. Click the filter icon, and select Show Saved Filters.
Editing Event Viewer Filters
To edit an Event Viewer filter:
Viewing Saved Filters
You can filter the results to display only event logs matching certain criteria.
- Select Monitor > Events & Logs
- Click the filter icon and select Show Saved Filters to view the saved filters.
The following are the default filters that are available:
Top Web Apps
Top Applications Blocked
Top URL’s Detected
Top URL’s Blocked
Top Viruses Detected
Top Spam Sources
Top Services Blocked
Top Unidentified Applications
Top Screen Attackers
Top Screen Victims
Top Screen Hits
Top Firewall Deny Sources
Top Firewall Deny Destinations
Top Firewall Service Deny
Top Firewall Events
Top FW Denies
Top IPS Attack Detected
Top IPS Attack Blocked
Top IPS Attacks by Severity
Top IPS Attack Sources
Top IPS Attack Destinations
Top IPS Events
Top Webfiltering URLs Detected
Top Source IPs
Top Destination IPs
Deleting Event Viewer Filters
To delete an Event Viewer filter: