Zenoss ZenTech Community

I've got my Windows Server monitored via WinRM. I have added two evenlog data sources to a monitoring template (System and Application). While is certainly does monitor those two event logs, I'm getting events for every event instead of Warning or Higher as per https://support.zenoss.com/hc/en-us/articles/203241949-How-to-Capture-Windows-System-Events-in-Resource-Manager

{ $$_.Level -le [System.Diagnostics.Eventing.Reader.StandardEventLevel]::Warning }

I dont care about informational events, just warning and higher. Windows zenpack 2.6.12 and PythonCollector 1.8.1. I had updated to the latest Windows zenpack 2.7.1 but ran into issues so I re-installed the previous version.

Subject:	RE: Zenoss 4.2.5 event monitoring
Author:	R S
Posted:	2017-06-02 10:05

This thread of mine seems to be missing the rest of the discussion since the forum "upgrade". Anyway, looking to bump this up as it's still not working

------------------------------
R S
------------------------------

Subject:	RE: Zenoss 4.2.5 event monitoring
Author:	Brian Schimmoller
Posted:	2017-06-02 11:11

I was having a similar issue the other day with the PowerShell filter. It would filter my System logs, but not my Application logs. I ended up using the XML filter instead and it's working across all of my systems:

<QueryList>
<Query Path="System" Id="0">
<Select Path="System">*[System[TimeCreated[timediff(@SystemTime) <= {time}] and (Level=1 or Level=2 or Level=3)]]</Select>
</Query>
</QueryList>

Subject:	RE: Zenoss 4.2.5 event monitoring
Author:	R S
Posted:	2017-06-16 10:05

Thanks. I'll give this a shot

Subject:	RE: Zenoss 4.2.5 event monitoring
Author:	R S
Posted:	2017-06-16 10:29

wait, what do I have to change in order to make that XML work on the application log? I swapped out "system" for "application" but that didn't work

------------------------------
R S
------------------------------

Subject:	Zenoss 4.2.5 event monitoring
Author:	R S
Posted:	2017-04-21 15:55

Zenoss 4.2.5 event monitoring