Hello, I have a sensor created to monitor the Windows event log for new events containing a certain string in the event message. What I'd like to know is, can I search for multiple message strings with the same sensor using an OR operator or something similar? Or do I need to create a separate sensor for each string I'd like to monitor for?
Thanks!
Article Comments
Hi,
Have you tried to monitor event IDs that are related to the messages you are getting in Event Viewer? Based on that approach you can combine multiple IDs in Event Log (Windows API). By using Event Log (Windows API) you can enter a comma-separated list of event IDs to add more than one ID to the filter. The list of IDs can be added under Filter Event Log Entries > Filter by ID.
Jul, 2020 - Permalink