Is there a way we could exclude matching on certain events -- in the case with this System error 55 we'd like not to be notified if the description contains "VolumeShadowCopy". Is that doable?
Type: Error
Event: 55
Alert Time: 2015-07-23 10:14:02Z
Event Time: 05:12:48 PM 23-Jul-2015 UTC
Source: Ntfs
Category: (2)
Username: N/A
Computer: PC-2
Description: The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolumeShadowCopy5.
You can ignore this specific event from alerting with the following configuration:
This would ignore anything with the Source 'Ntfs', Event ID 55, and anything that has the word "*VolumeShadowCopy*" in the description.
If this does not stop this alert from triggering, we may need to see your current configuration for monitoring event log alerts.
Oh, is this the correct way to do it? See attached screenshot (the first column is the Ignore column).
I sent my first post before I saw your update.
You would want to add another asterisk at the end to capture the remaining characters after the word 'VolumeShadowCopy'.
OK, thanks Nicolas!
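The effect of the trailing asterisk discussed above, as an added example that is not part of the thread or of the monitoring product's own code. It assumes the ignore rule uses glob-style, case-insensitive matching against the whole description; `Event`, `IgnoreRule` and `should_alert` are hypothetical names.

```python
from dataclasses import dataclass
from fnmatch import fnmatchcase


@dataclass(frozen=True)
class Event:
    source: str
    event_id: int
    description: str


@dataclass(frozen=True)
class IgnoreRule:
    source: str
    event_id: int
    description_pattern: str  # glob: '*' matches any run of characters

    def matches(self, event: Event) -> bool:
        # Assumed semantics: all three fields must match, and the pattern
        # has to cover the entire description, not just a substring.
        return (
            event.source.lower() == self.source.lower()
            and event.event_id == self.event_id
            and fnmatchcase(event.description.lower(),
                            self.description_pattern.lower())
        )


def should_alert(event: Event, rules: list[IgnoreRule]) -> bool:
    """An event alerts unless at least one ignore rule matches it."""
    return not any(rule.matches(event) for rule in rules)


# Description taken from the alert quoted in the thread.
SHADOW_COPY_EVENT = Event(
    "Ntfs", 55,
    "The file system structure on the disk is corrupt and unusable. Please "
    "run the chkdsk utility on the volume \\Device\\HarddiskVolumeShadowCopy5.",
)
# Constructed sample: the same error reported for a regular volume.
REAL_VOLUME_EVENT = Event(
    "Ntfs", 55,
    "The file system structure on the disk is corrupt and unusable. Please "
    "run the chkdsk utility on the volume \\Device\\HarddiskVolume2.",
)

NO_TRAILING_STAR = IgnoreRule("Ntfs", 55, "*VolumeShadowCopy")
WITH_TRAILING_STAR = IgnoreRule("Ntfs", 55, "*VolumeShadowCopy*")
```

Without the trailing asterisk the pattern fails on the `5.` that follows `VolumeShadowCopy`, so the alert still fires; with it the shadow-copy event is suppressed while the same error on a regular volume continues to alert.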