Hi Guys,
Could use some advice on what everyone uses to accomplish this. We need to be aware of the majority of warnings and errors in both system and application logs as a standard monitor set.
I've created a fairly basic set of 4 monitors that do this (2 for each log, warning and errors), but my question is how do I exclude events properly? I can't risk excluding just by ID, as we know IDs are shared by different event sources. Ideally I need to filter out by EVENT-SOURCE & EVENT ID.
Is this possible using the filter excluding field, and if so, could someone drop me an example? Also, if anyone has a decent template Windows event monitor set in KNM they would like to share, that would be great :)
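
Added example, not part of the original post and not KNM filter syntax: exclusion keyed on the (source, event ID) pair, expressed as a native Windows Event Log XML query and run with `Get-WinEvent`. The provider names and IDs in `$exclusions` are constructed placeholders, and the helper name `New-EventQueryXml` is hypothetical.

```powershell
# Constructed placeholder pairs: replace with the real provider name + ID to silence.
# The same ID under a different provider is NOT suppressed.
$exclusions = @(
    @{ Source = 'ExampleSourceA'; Id = 1001 },
    @{ Source = 'ExampleSourceB'; Id = 1001 },
    @{ Source = 'ExampleSourceA'; Id = 7036 }
)

function New-EventQueryXml {
    param(
        [string[]]$LogName = @('System', 'Application'),
        [object[]]$Exclude = @(),
        [int]$LookbackHours = 24
    )
    $windowMs = $LookbackHours * 3600 * 1000
    $lines = foreach ($log in $LogName) {
        # Level 2 = Error, Level 3 = Warning, limited to the lookback window.
        "<Select Path=`"$log`">*[System[(Level=2 or Level=3) and " +
            "TimeCreated[timediff(@SystemTime) &lt;= $windowMs]]]</Select>"
        foreach ($ex in $Exclude) {
            # Suppress only when provider AND event ID both match.
            "<Suppress Path=`"$log`">*[System[Provider[@Name='$($ex.Source)'] " +
                "and (EventID=$($ex.Id))]]</Suppress>"
        }
    }
    "<QueryList><Query Id=`"0`">$($lines -join '')</Query></QueryList>"
}

$queryXml = New-EventQueryXml -Exclude $exclusions
Get-WinEvent -FilterXml ([xml]$queryXml) -MaxEvents 100 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, LogName, LevelDisplayName, ProviderName, Id |
    Sort-Object TimeCreated -Descending |
    Format-Table -AutoSize
```

Grouping the output by `ProviderName` and `Id` before adding a pair to `$exclusions` shows which sources actually share an ID on a given host.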