
tracking registry change and application crashes

Hello,


I am a bit of a newbie at EventSentry, so I am hoping I can get some assistance from this forum. I have successfully set up an SMTP relay, so I am receiving notifications. I also enabled registry auditing for the key I am looking to monitor. My issue is, I can't seem to understand how to actually set up the filter alerts. I want to track 1 registry string; the name is BOB_IDLE and its value can only be a 1 or 0. I want to know when that value has changed, and what it's changed to. 1 would send me an email "Bob is idle", 2 would send me "Bob is working". As far as the application notification, I just want to know any time an event ID 1000 "application crash" occurs. This computer basically only runs 1 application, so having it send me any application crashes would be perfectly fine. I've spent the night trying to understand filters and the context field, wildcard, string, etc. I just can't seem to understand it. Thank you in advance for your assistance.

1 Comment

Sorry you're having trouble getting the filters & notifications to work. The process for enabling a certain email alert is as follows:


1. Create a new package (you can also use an existing one)

2. Assign the package to the correct host(s) / group(s) or make it global

3. Add a filter inside the package that matches the event you are looking to alert on, e.g. the "Application Error" event

4. Save the configuration. In a default setup with the collector, this will ensure that the configuration is sent to remote agents as well


I would also recommend taking a look at our tutorial that explains how filters work here: https://www.eventsentry.com/support/tutorial/topic/include-exclude-filters/step/1


After enabling registry auditing, did you confirm that the audit events (https://system32.eventsentry.com/security/event/4657) were logged to the security event log?
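As an added example (not EventSentry's own configuration or code), this PowerShell snippet performs the check suggested above directly on the monitored host: it pulls 4657 registry-audit events from the Security log, keeps only those for the value BOB_IDLE, and maps the new data to the two alert texts from the question; it also lists Application Error (ID 1000) crash events. The value name, the mapping 1 = idle and 0 = working, and the provider name "Application Error" are assumptions.

```powershell
# Added example: verify that registry auditing yields 4657 events for BOB_IDLE
# and that application crashes (ID 1000) are visible, before building filters.
# Assumptions: value name BOB_IDLE; data 1 = idle, 0 = working (the question
# says the value is only ever 1 or 0); crash events come from "Application Error".

$ValueName = 'BOB_IDLE'

function Get-BobIdleChanges {
    param([int]$MaxEvents = 200)
    # 4657 = "A registry value was modified"; it only appears when object access
    # auditing is enabled and the key carries a SACL, as the question describes.
    $events = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4657 } `
                           -MaxEvents $MaxEvents -ErrorAction SilentlyContinue
    foreach ($e in $events) {
        $xml  = [xml]$e.ToXml()
        $data = @{}
        foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
        if ($data['ObjectValueName'] -ne $ValueName) { continue }
        $alert = switch ($data['NewValue']) {
            '1'     { 'Bob is idle' }
            '0'     { 'Bob is working' }
            default { "BOB_IDLE set to unexpected data '$($data['NewValue'])'" }
        }
        [pscustomobject]@{
            Time     = $e.TimeCreated
            Key      = $data['ObjectName']
            OldValue = $data['OldValue']
            NewValue = $data['NewValue']
            Process  = $data['ProcessName']
            Alert    = $alert
        }
    }
}

function Get-ApplicationCrashes {
    param([int]$MaxEvents = 50)
    # Event ID 1000 from provider "Application Error" in the Application log
    Get-WinEvent -FilterHashtable @{ LogName = 'Application'; ProviderName = 'Application Error'; Id = 1000 } `
                 -MaxEvents $MaxEvents -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Id, @{ n = 'Summary'; e = { ($_.Message -split "`n")[0] } }
}

# No rows from Get-BobIdleChanges after changing the value means auditing is not
# producing 4657 events yet, which is the first thing to fix before any filter.
Get-BobIdleChanges     | Format-Table -AutoSize
Get-ApplicationCrashes | Format-Table -AutoSize
```

Run it in an elevated PowerShell session, since reading the Security log requires administrative rights.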
