Hello,
I would like to set up sensors for various Event IDs in the System log. The problem is that Windows is using the same IDs for different messages.
How can I exactly filter out events with a specific string in them?
I noticed there is a hint in the sensor settings (Filter by Message > Exclude Filter > Match String (Event Message) that a % character should be used in this case.
Can you provide some examples of how to use this? In my case, I need to discard all Events with the following text in them: "Login failed for user".
Thank you
Article Comments
Can you try this settings?
Turn On:
Filter by User
Filter Type
Exclude filter:
Match String (Event User)
"Login failed for user"
Mar, 2023 - Permalink
Hi, I have tried using quotes and it didn't work, but encapsulating the string between two % signs did the trick (%Login failed for user%)
Hint from PRTG itself: "Enter the string that the sensor uses to filter for specific event messages. The sensor checks if this string is part of the message. You must use the percent sign % as wildcard if you want to check if the string is part of the message. Otherwise, the whole event message must match the string. Find more help in the PRTG Manual" Cheers
Mar, 2023 - Permalink
Hello KrystianWy,
Thank you for the post, which sensor type are you working with?
https://www.paessler.com/manuals/prtg/event_log_windows_api_sensor
What PRTG version do you have?
Regards, Oscar
Mar, 2023 - Permalink