
Filter EPO

I have been asked if I can filter out the "Update Successful" on the EPO collector to reduce noise to the ESM. I am running 9.2.1. Can someone provide me with instructions on how to do this?

Thank You!

2 Replies

Re: Filter EPO

There are a few different approaches you could take:

1) Disable logging of this event in ePO.  This is done in Configuration, Server Settings, Event Filtering.

2) Disable the event in your ESM policy.  To do this:

  • Go to a view where you see some of the Update Successful events.  Select the event, open the menu in the top-left corner, and select "Show rule xxx-xxxxxx".
  • In the Action column, click on "enabled" and select "disabled". 
  • Save changes and roll out policy.  Now your receiver will stop parsing these events.

3) Last, you might consider simply adding filters to your views to hide these events from displaying.

Scott

rth67

Re: Filter EPO

I would edit the Policy to not send the events to the ESM, but still send the events to the ELM for long-term storage and to allow the events to be found from an ELM Search if needed later.

The ELM's compression on raw events is very high and there should be no issues for long-term archiving.