
Datto RMM: Event Log Monitor: Filtering Event Descriptions

Topic

This article describes how to filter Windows event log descriptions out of alerts using the Event Log Monitor.

Environment

  • Datto RMM

Description

When using an Event Log Monitor, you can filter the alert criteria based on the event description or message body by using the (-) character in the Event Descriptions field. This ensures that the Event Log Monitor only triggers and sends alerts based on criteria you find relevant.

Figure 1: Event Descriptions

The example in Figure 1 displays two errors in the Windows event log with the Event ID 16387. Suppose you want to exclude any event that contains the Error Code 0x80070002 in its description.

Figure 2: Two example errors

To accomplish this, you can enter the (-) character and the Error Code in the Event Descriptions field:

-"Error Code: 0x80070002"

You can also enter only the value of the Error Code:

-"0x80070002"

Another example is a Windows Installer event with an Event ID of 1040. Suppose you want to filter out Datto RMM installation events.

Figure 3: Event 1040

You can use the wildcard character (%) to filter all events that trigger in a directory path:

-"%C:\ProgramData\Centrastage\Packages%"

You can also add multiple filters by separating each string with a space:

-"0x80070002" -"0x80041326" -"%0x80070002%"
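
Because every exclusion removes events from alerting, it helps to check what a filter string would suppress before saving it. The following is an added example, not Datto code: it models the Event Descriptions field offline and lists which sample events each exclusion would hide. The matching rules (quoted text matches anywhere in the description, case-insensitively, and % matches any run of characters) are assumptions, and the event descriptions are constructed.

```python
import re

# Assumed semantics (a model, not Datto RMM's implementation):
#   - each -"..." token in the field is one exclusion
#   - the quoted text matches anywhere in the description, case-insensitively
#   - % matches any run of characters
TOKEN = re.compile(r'-"([^"]*)"')


def parse_exclusions(field):
    """Return the quoted string of every -"..." token in the field."""
    return TOKEN.findall(field)


def to_regex(pattern):
    """Translate one exclusion string into a regex, treating % as a wildcard."""
    parts = [re.escape(p) for p in pattern.split("%")]
    return re.compile(".*".join(parts), re.IGNORECASE | re.DOTALL)


def suppressed_by(field, description):
    """Return the exclusion strings that would suppress this description."""
    return [p for p in parse_exclusions(field) if to_regex(p).search(description)]


def preview(field, events):
    """Split (event_id, description) pairs into alerting and suppressed lists."""
    alerting, suppressed = [], []
    for event_id, description in events:
        hits = suppressed_by(field, description)
        (suppressed if hits else alerting).append((event_id, description, hits))
    return alerting, suppressed


# Constructed sample descriptions, not taken from a real event log.
SAMPLE_EVENTS = [
    (16387, "Operation failed. Error Code: 0x80070002"),
    (16387, "Operation failed. Error Code: 0x80070005"),
    (1040, r"Beginning a Windows Installer transaction: "
           r"C:\ProgramData\Centrastage\Packages\agent.msi"),
    (1040, r"Beginning a Windows Installer transaction: C:\Temp\unknown.msi"),
]

FIELD = r'-"0x80070002" -"%C:\ProgramData\Centrastage\Packages%"'

if __name__ == "__main__":
    alerting, suppressed = preview(FIELD, SAMPLE_EVENTS)
    for event_id, description, hits in suppressed:
        print(f"suppressed {event_id}: {description!r} by {hits}")
    for event_id, description, _ in alerting:
        print(f"alerts     {event_id}: {description!r}")
```

Under these assumptions an exclusion such as -"%" matches every description, so a preview like this is a quick way to catch a filter that would silence the monitor entirely.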
