Is it possible to ignore certain events in agent log monitoring?
The reason I ask is that I have found that the security logs on many machines are filled with events 5152 and 5157, which are in turn taking a lot of space in my Kaseya database. I would like to monitor the security logs, but not these two events. Is this possible?
Thanks in advance.
Check out this wiki about the syntax for the blacklist: community.kaseya.com/.../449.aspx. I have done the exclusions on printers and terminal services, but not in the security log yet.
This link is also a good source: community.kaseya.com/.../54159.aspx
Thanks for the suggestion. In reviewing the example posted in that thread, I see that the second line is: <EventLogBlackList version="1.0">
In the evLogBlkList.xml file the first line is: <EventLogBlackList version="1.0" OverflowTime="3600" OverflowCount="1000">
Do I need to include the OverflowTime="3600" OverflowCount="1000" part in my file? If I do or don't, what effect will this have?
The events will be ignored by your agent; they won't even show up in your VSA, as the agent just won't send them to the server. The OverflowTime and Count are for when your agent gets X amount of event logs in X amount of time; it will quit sending for the remainder of that time period. It's to keep agents from overloading your Kserver with massive amounts of logs when a machine goes nuts.
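A toy model of the two mechanisms described in the reply above, added here as an example (it is not Kaseya's code and not from the thread). It shows that the blacklist drops only the listed IDs, while the overflow limit drops every event for the rest of the window, whatever its ID. Assumptions: blacklisted events do not count toward the limit, a window opens at the first forwarded event, and the event stream (including IDs 4663 and 4625) is constructed sample data.

```python
IGNORED_IDS = {5152, 5157}   # the two event IDs from the question
OVERFLOW_TIME = 3600         # seconds, value from the file's root element
OVERFLOW_COUNT = 1000        # events per window, value from the same element


class AgentModel:
    """Hypothetical model of the agent-side forwarding decision."""

    def __init__(self):
        self.window_start = None
        self.sent_in_window = 0
        self.stats = {"sent": 0, "blacklisted": 0, "overflow": 0}
        self.lost = []  # non-blacklisted events that were never forwarded

    def offer(self, ts, event_id):
        # Assumption: the blacklist is applied first, so ignored events
        # never count toward the overflow limit.
        if event_id in IGNORED_IDS:
            self.stats["blacklisted"] += 1
            return "blacklisted"
        # Assumption: a window starts at the first forwarded event and
        # lasts OVERFLOW_TIME seconds.
        if self.window_start is None or ts - self.window_start >= OVERFLOW_TIME:
            self.window_start, self.sent_in_window = ts, 0
        if self.sent_in_window >= OVERFLOW_COUNT:
            self.stats["overflow"] += 1
            self.lost.append((ts, event_id))
            return "overflow"
        self.sent_in_window += 1
        self.stats["sent"] += 1
        return "sent"


def simulate():
    """Run a constructed event stream (timestamp in seconds, event ID)."""
    events = [(i, 5152 if i % 2 else 5157) for i in range(1500)]  # noise
    events += [(100 + i * 0.5, 4663) for i in range(1200)]        # burst
    events += [(2000, 4625), (3800, 4625)]  # failed logons: same window, next window
    agent = AgentModel()
    for ts, event_id in sorted(events, key=lambda e: e[0]):
        agent.offer(ts, event_id)
    return agent


if __name__ == "__main__":
    result = simulate()
    print(result.stats)
    print("lost failed logons:", [e for e in result.lost if e[1] == 4625])
```

In this run the failed logon at t=2000 is never forwarded because the burst used up the window, while the one at t=3800 falls in a new window and is sent.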