I am trying unsuccessfully to set up my first exclude filter in EventSentryLight.
Steps I used to create filter:
1. Connected to the remote event log viewer in the EventSentryLight management console.
2. Right clicked the event and selected Add Exclude Filter
3. Gave the filter a name and associated it with the default package.
General Filter Settings
Actions: Checked trigger all actions.
Log: Checked Application
Event Severity: Checked Warning
Filter Settings: Exclude
Event Source: Microsoft Operations Manager
Category: MOM Agent
Event ID: 25012
Username: NT Authority\System
Computer: left blank
Content Filter & Notes: none
Clicked save.
I continue to receive this email re. this event.
EVENT # 17078
EVENT LOG Application
EVENT TYPE Warning
OPCODE Info
SOURCE Microsoft Operations Manager
CATEGORY MOM Agent
EVENT ID 25012
USERNAME NT AUTHORITY\SYSTEM
COMPUTERNAME VCENTER
DATE / TIME 12/7/2011 1:11:35 PM
MESSAGE The Application Event Log on computer '******\VCENTER' appears to have been cleared since it was last read. The Windows Event Log Provider may lose events whenever an event log is cleared.
What am I doing wrong?
Hi Blaine,
It sounds like you did everything correctly to configure this exclude filter. What you may want to try is instead of selecting 'trigger all options' is to only select the 'default email' action (or just one action that you wish to exclude and then once you're sure it's working you can add more actions to exclude if you need to.
Did you remember to save your configuration and push a configuration update out to your remote systems?
It looks like you're new here. If you want to get involved, click one of these buttons!