Sven Berger
Posts: 184
Score: 0
Joined: 25.Feb.2008
Status: offline
|
Hi Shoey2u,
The Event 560 (failed Object Access outside working hours) is considered a "Critical Importance Event" in Eventsmanager. You can either change the Classification of the event (so that you will not get flooded with Emails all the time), or you can create a rule that will treat the event otherwise.
If you would like to have the Event treated as noise, then I would suggest you create a matching rule under "noise Events". You also need to make sure that the rule is applied against evetns that are collected from your machines. I guess that this is where the problem lies.
Go to Configuration -> EventSources and open the properties of the Computer Group where you would like to apply the rule. Open the tab "Windows Event Logs" and tick the radio button "Process the logs with the rules selected before archiving." Expand the "Noise Reduction" node and ensure that your rule has been ticked.
_____________________________
Sven Berger
GFI Software - www.gfi.com
Messaging, Content Security & Network Security Software
|
Printable Version
Event ID 560 - Best Way to Handle? - 
New Messages
No New Messages
Hot Topic w/ New Messages
Hot Topic w/o New Messages
Locked w/ New Messages
Locked w/o New Messages
Post New Thread