Kaseya Community

How can we exclude certain Event log monitors that contain a string in Description

This question is answered

Is there a way we could exclude matching on certain events -- in the case with this System error 55 we'd like not to be notified if the description contains "VolumeShadowCopy".  Is that doable?

Log: System

Type: Error
Event: 55
Alert Time: 2015-07-23 10:14:02Z
Event Time: 05:12:48 PM 23-Jul-2015 UTC
Source: Ntfs
Category: (2)
Username: N/A
Computer: PC-2
Description: The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolumeShadowCopy5.

Verified Answer
  • Hi  

    You can ignore this specific event from alerting with the following configuration:

    This would ignore anything with the Source 'Ntfs', Event ID 55, and anything that has the word "*VolumeShadowCopy*" in the description.

    If this does not stop this alert from triggering, we may need to see your current configuration for monitoring event log alerts.

    Best,

    Nicolas

All Replies
  • Oh, is this the correct way to do it?  See attached screenshot (the first column is the Ignore column)


  • Hi  

    You can ignore this specific event from alerting with the following configuration:

    This would ignore anything with the Source 'Ntfs', Event ID 55, and anything that has the word "*VolumeShadowCopy*" in the description.

    If this does not stop this alert from triggering, we may need to see your current configuration for monitoring event log alerts.

    Best,

    Nicolas

  • I sent my first post before I saw your update.

    You would want to add another asterisk at the end to capture the remaining characters after the word 'VolumeShadowCopy'.

    Best,

    Nicolas

  • ok thanks Nicolas!