Kaseya Community

Need help Ignoring a security event id

  • I want to ignore this alert:
    Log: Security
    Type: Failure Audit
    Event: 680
    Agent Time: 5:46:12 pm 21-Sep-08
    Source: Security
    Category: Account Logon
    Username: ******
    Computer: ****
    Description: Logon attempt by: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
    Logon account: ******
    Source Workstation: iPhone
    I want to continue receiving Event IDs 680, but Not this particular one. If I add a new line to the event set (Source filter=Security, Event ID=680, Description Filter=*iPhone*) will it…..
    1.) Ignore this event, and
    2.) Still give me all of the other 680 events?

    Any help is appreciated!

    Legacy Forum Name: Need help Ignoring a security event id,
    Legacy Posted By Username: pbrophy
  • If you add the ID680 with the description filter as an "ignore" to your event set, then yes, you should stop receiving these events and still get all the other ones.

    Legacy Forum Name: Event Sets,
    Legacy Posted By Username: Lmhansen