How to exclude specific events from SystemEDGE Event Viewer monitoring.

Document ID : KB000047301
Last Modified Date : 14/02/2018
Show Technical Document Details

 

Summary:  

 

This article explains how to leverage Regular Expressions (PCRE) to exclude only specific errors or events from Windows Event Log monitoring.

 

 

Instructions:

 

1.  Enable PCRE (Perl Compatible Regular Expressions) within SystemEDGE.   

 

The parameter for this in the sysedge.cf file is use_pcre

 

2016-10-10_8-10-18.png

2.  Use the following Regular Expression syntax:

 

^(?!Error1|Error2).*

 

The above Regular Expression will ignore Error1 or Error2 but will match everything else.

 

Here is an example of how to use this Regex for for event id monitoring

watch ntevent 12 0x0 system warning .* ^(?!\[7036\]|\[4040\]).* TEST-DESCRIPTION2 '' warning

 

The above Regular Expression will ignore event id 7036 or 4040 but will match everything else.


Here is an example of how to use this Regex for for event id monitoring


watch ntevent 11 0x0 system warning .* ^(?!test-error1|test-error2).* TEST-DESCRIPTION '' warning

 

The above Regular Expression will ignore test-error1 or test-error2 but will match everything else.