Hello, I'd like to monitor event logs on Windows servers. I'd like to trigger on warning and high events.
But I need a way to not trigger on certain strings. For example, "31B2F340-016D-11D2-945F-00C04FB984F9", which appears here and there in a High state.
How do I do this? I have one item:
eventlog[Application]
and two triggers:
({Template_Windows:eventlog[Application].nodata(3600)}#1)&({Template_Windows:eventlog[Application].logseverity(4)}=4)
({Template_Windows:eventlog[Application].nodata(3600)}#1)&({Template_Windows:eventlog[Application].logseverity(2)}=2)
I have tried getting some kind of regex to exclude stuff in my item, like
eventlog[Application,!"string"] and so on without any luck.
A pointer please?