I am confused about how to use Content Filters. I am trying to exclude an event ID 10100 (Google update service stopped). I want to still be notified of all other 10100 events.

I have created an EXCLUDE filter for 10100, and in the "Content Filters" section, I added a Wildcard of *Google*. This does not work. It still notifies me of every 10100 event related to Google.

So my question is: When you EXCLUDE filter something, and then add a content filter wildcard on top of that, does that make it ONLY notify you of events that have the wildcard in it, OR, does it notify you of every event EXCEPT the ones with the wildcard match?

I hope this makes sense.




  • Hi Ben,

    In your case, where you want to be alerted of all event ID 10100 events except for the Google update service, you'd want to use the content filter. When the content filter is used, it will only exclude the event if it matches that filter.

    When you created the exclude filter, did you push the updated configuration to all your remote machines? This can be done in the EventSentry management console by going to Remote > Update Configuration and then clicking the green arrow.

