Excluding a particular Event ID from an Event Log error check

Excluding a particular Event ID from an Event Log error check (Full Version)

All Forums >> [Networking & Security] >> GFI Network Server Monitor

Message

JonH7 -> Excluding a particular Event ID from an Event Log error check (10.Mar.2009 1:51:29 PM)
We have GFI NSM performing Event Log error checks on all of our servers. I would like to exlude a particular Event ID from these error checks, Event ID 1111 because this is logged whenever someone RDPs to a server because the default RDP client behavior is to attempt to connect their printers. Is there any way to setup an event log monitor to monitor for all error events except for that one? Thanks!

RAK153 -> RE: Excluding a particular Event ID from an Event Log error check (21.Jun.2009 7:41:43 PM)
I'd also like this functionallity as I have an issue with SAP logging each cancelled transaction as an Error in the event logs. I also had issues with the remote printer error. If you are in a domain environment and do not need the functionallity you can disable redirection of printers through group policies. The GP item you need to edit is: Computer Configuration - Administrative Templates - Windows Components - Terminal Services - Client - Server Data Redirection - Do not allow client printer redirection = Enabled

2dS -> RE: Excluding a particular Event ID from an Event Log error check (22.Jun.2009 3:16:20 AM)
That is not possible on the current build of NSM. I don’t know if this helps, but you can obtain something similar by creating two event log checks; one that is succeeds if the event id to be excluded is found (i.e. event id 1111 in the specified case), this should not send any notification. And the other should be configured to search for the desired events (i.e. all the error events) and this should be executed only if the previous check has failed. This can be configured from the check’s properties dialog on the dependencies page.

RAK153 -> RE: Excluding a particular Event ID from an Event Log error check (22.Jun.2009 4:21:05 PM)
I did think about doing that but there is a problem. If the error you don't want notification about (1111 in this case) is logged in Event viewer and another error is logged around the same time then in the scenario above the second error will not be reported as the first check has succeeded. We really need to be able to add exclusions to this rule. Please consider this functionallity for the next release of NSM. Thanks

Page: [1]