Windows Service Alert flooding, Filters does not work

  • eglyn
    Junior Member
    • Jan 2022
    • 16

    #1

    Hi!
    I am trying to disable this Windows service alert, but without success:

    "cbdhsvc_c484a5f" (Clipboard User Service_c484a5f) is not running (startup type automatic delayed)

    So, here is what I do: (Zabbix v6.4.7)

    Go to:
    Data Collection --> Template --> "Windows services by Zabbix agent"

    Next:
    Click on "Discovery" --> Windows services discovery

    And:
    Filter tab, and add:
    {#SERVICE.NAME} does not match ^(cbdhsvc_[a-zA-Z0-9]*)

    I also tried:
    {#SERVICE.NAME} does not match ^(cbdhsvc_*)

    and:
    {#SERVICE.NAME} does not match ^(cbdhsvc_\w+)

    But it does not work :'(

    How do I definitively remove this service alert spam?

    Thx !
    Last edited by eglyn; 23-10-2023, 14:47.
  • eglyn
    Junior Member
    • Jan 2022
    • 16

    #2
    I tried to use the regular expression in general -> regular expression in the category "windows service discovery" like this:
    [image: image.png]

    If I test, it works:
    [image: image.png]

    But in the problem tab, it is still there; even if I wait 1 hour or suppress it, it comes back:
    [image: image.png]


    • vijayk
      Senior Member
      • May 2023
      • 305

      #3
      Are you using it with the Windows by Zabbix agent template? If yes, add an entry to the {$SERVICE.NAME.NOT_MATCHES} macro with |cbdhsvc_.+| at the end, before the closing ")".

      This is working for me.


      • eglyn
        Junior Member
        • Jan 2022
        • 16

        #4
        Thx for your answer, I have this:
        [image: image.png]

        but it does not work :/


        • vijayk
          Senior Member
          • May 2023
          • 305

          #5
          ^(?:wuauserv|cbdhsvc_.+|webthreatdefusersvc_.+|edgeupdate|)$

          I'm using this in the discovery filter, and it's working fine.


          • ISiroshtan
            Senior Member
            • Nov 2019
            • 324

            #6
            Did you delete the discovered items after adding the filter, and were they re-discovered? Or have you done "Unlink and clear" on the template and re-added it after adding the filter?

            As far as I remember, adding a filter after the discovery was run will make the filtered items not be discovered, but already discovered items will remain operational until the "Keep lost resources period" time runs out.

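An added example (not code from any poster or from Zabbix): it runs the filter expressions quoted in posts #1 and #5 against the service name from post #1, then models the behaviour described in post #6. The other service names, the function names and the 30-day period are constructed assumptions, and Python's `re` stands in for Zabbix's PCRE matching.

```python
import re

# Constructed sample of {#SERVICE.NAME} values; only cbdhsvc_c484a5f is from post #1.
SERVICES = ["cbdhsvc_c484a5f", "wuauserv", "Spooler", "W32Time"]

# Filter expressions as quoted in the thread.
PATTERNS = {
    "post1_a": r"^(cbdhsvc_[a-zA-Z0-9]*)",
    "post1_b": r"^(cbdhsvc_*)",
    "post1_c": r"^(cbdhsvc_\w+)",
    "post5": r"^(?:wuauserv|cbdhsvc_.+|webthreatdefusersvc_.+|edgeupdate|)$",
}


def discovered(names, pattern):
    """Names passing a 'does not match' filter: kept only if the regex finds no match."""
    rx = re.compile(pattern)
    return [n for n in names if rx.search(n) is None]


def monitored(existing, names, pattern, days_since_lost, keep_lost_days):
    """Model of post #6 (hypothetical helper): entities created by an earlier
    discovery run that the filter now excludes remain until the
    'Keep lost resources period' has elapsed."""
    now = set(discovered(names, pattern))
    lost = [n for n in existing if n not in now]
    still_kept = lost if days_since_lost < keep_lost_days else []
    return sorted(now | set(still_kept))


if __name__ == "__main__":
    # Every expression from the thread already excludes cbdhsvc_c484a5f.
    for label, pattern in PATTERNS.items():
        print(label, discovered(SERVICES, pattern))
    # Yet the old entity is still present the day the filter is added...
    print(monitored(SERVICES, SERVICES, PATTERNS["post1_c"], 0, 30))
    # ...and only goes away once the (constructed) 30-day period has passed.
    print(monitored(SERVICES, SERVICES, PATTERNS["post1_c"], 30, 30))
```

All three expressions from post #1 exclude the service on a fresh discovery, so the regex syntax is not what keeps the problem open; the lingering entity from the earlier run is.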

            • cyber
              Senior Member
              Zabbix Certified Specialist, Zabbix Certified Professional
              • Dec 2006
              • 4807

              #7
              If items are no longer discovered, then they should have a yellow "!" visible in their config ...

              None of the OOB templates has used those global regexes for a long time. All of those are in template-level filters.


              • irontmp
                Member
                • Sep 2023
                • 36

                #8
                I have a problem filtering successful security audits from Windows machines in Kiwi.

                I have made a priority filter that excludes notices. Also made a message text filter (complex) with sub-string that excludes "Audit Success" and "Success"

                However, the server console keeps filling up with successful audits. Just installed this yesterday, so this is very new to me; sure I'm overlooking something.

                Any suggestions would be very much appreciated! Thanks!




                • cyber
                  Senior Member
                  Zabbix Certified Specialist, Zabbix Certified Professional
                  • Dec 2006
                  • 4807

                  #9
                  Originally posted by irontmp
                  I have a problem filtering successful security audits from Windows machines in Kiwi.
                  Aren't you in the wrong forum? Here's Zabbix, not Solarwinds forum...
