Filtering out unwanted events from WMI Event Log


Hello,

I would like to set up sensors for various Event IDs in the System log. The problem is that Windows is using the same IDs for different messages.

How can I exactly filter out events with a specific string in them?

I noticed there is a hint in the sensor settings (Filter by Message > Exclude Filter > Match String (Event Message)) that a % character should be used in this case.

Can you provide some examples of how to use this? In my case, I need to discard all Events with the following text in them: "Login failed for user".

Thank you

eventlog windows wmi

Created on Feb 28, 2023 3:45:16 PM



5 Replies


Hello KrystianWy,

Thank you for the post. Which sensor type are you working with?

https://www.paessler.com/manuals/prtg/event_log_windows_api_sensor

What PRTG version do you have?

Regards, Oscar

Created on Mar 3, 2023 11:15:09 PM by  Oscar Chavarria [Paessler Technical Support]




Hi there!

Sensor Type: WMI Event Log, my PRTG version is 22.4.81.1532+

Thanks

Created on Mar 8, 2023 9:52:46 AM




Can you try these settings?

Turn On:

Filter by User

Filter Type

Exclude filter:

Match String (Event User)

"Login failed for user"

Created on Mar 10, 2023 8:23:27 PM by  Oscar Chavarria [Paessler Technical Support]




Hi, I have tried using quotes and it didn't work, but encapsulating the string between two % signs did the trick (%Login failed for user%)

Hint from PRTG itself: "Enter the string that the sensor uses to filter for specific event messages. The sensor checks if this string is part of the message. You must use the percent sign % as wildcard if you want to check if the string is part of the message. Otherwise, the whole event message must match the string. Find more help in the PRTG Manual"

Cheers

Created on Mar 13, 2023 3:11:47 PM
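
The wildcard behavior described in the hint above, modeled in Python and run over constructed event messages. This is an added example, not part of the original thread and not PRTG's own code. It assumes % matches any run of characters (including none) and that comparison is case-insensitive; the function names and sample events are hypothetical.

```python
import re

def wildcard_match(pattern: str, message: str) -> bool:
    """Model of the Match String rule: % is a wildcard for any run of
    characters; without %, the whole message must equal the pattern.
    Assumptions: % may match nothing, comparison is case-insensitive."""
    # Escape literal pieces so regex metacharacters in the filter stay literal.
    literal_parts = [re.escape(part) for part in pattern.split("%")]
    regex = ".*".join(literal_parts)
    flags = re.IGNORECASE | re.DOTALL  # DOTALL: event messages can span lines
    return re.fullmatch(regex, message, flags) is not None

def apply_exclude_filter(pattern: str, events: list) -> list:
    """Return the events that survive an exclude filter with this pattern."""
    return [e for e in events if not wildcard_match(pattern, e["message"])]

# Constructed sample events: one placeholder ID shared by different messages.
SAMPLE_EVENTS = [
    {"id": 1000, "message": "Login failed for user 'svc_app'. Reason: bad password."},
    {"id": 1000, "message": "Login failed for user"},
    {"id": 1000, "message": "The service entered the stopped state."},
    {"id": 1000, "message": "Source: db01\nLogin failed for user 'guest'."},
]

def kept_messages(pattern: str) -> list:
    """Messages still reported after excluding everything matching pattern."""
    return [e["message"] for e in apply_exclude_filter(pattern, SAMPLE_EVENTS)]

if __name__ == "__main__":
    for pattern in ("Login failed for user",
                    "Login failed for user%",
                    "%Login failed for user%"):
        kept = kept_messages(pattern)
        print(f"{pattern!r} keeps {len(kept)} of {len(SAMPLE_EVENTS)} events")
```

Running a candidate pattern over a sample of real messages this way shows which events an exclude filter would hide before it goes into the sensor settings.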




Thanks for coming back with the answer.

Cheers.

Created on Mar 15, 2023 11:18:50 PM by  Oscar Chavarria [Paessler Technical Support]



