A large number of events with unique event IDs trigger the 'Error in Windows Event Log' alert. I want to be able to filter on certain event IDs and mark those alerts as "high priority".
Any suggestions?
Do you mean you want to alert on Error Events in your Log? If so - you need to:
1. Create a new template with the "Windows Event Log Monitor" component > configure rules to trigger on all errors (or you can define a scope as well by using various filters and settings within the component) > configure the threshold to report on events "count" > then attach this template to your server.
2. Create an alert to trigger whatever actions you need (email, for example) when the component on this server goes critical or warning.
I have an alert which is triggered whenever
Node status is not equal to down
AND
component (application) Errors in Application Event Log OR IIS errors in Application Event Log is equal to down.
However, this leads to a lot of Windows events triggering the alert. To minimize instances of false alarms or be able to mark those alerts that are triggered by some specific events, I want to mark the emails as "high priority".
For that, I need a list of event IDs with their description.
How should I approach the problem?
My friend, it sounds like this is the exact question you need to answer yourself. If you want to alert on all errors - this is what you have done. If you are not happy with the amount of errors that you receive and you want to filter only those that you want to receive - I guess you are the only one who can really answer this question. I would search the Microsoft website for any references/lists of all possible errors - it is going to be pretty extensive, I think... Then just set up a filter in your Application App to only go red on those errors that you want.
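
The thread asks for a list of event IDs with their descriptions. As an added example (not code from any poster or from the monitoring product discussed), this PowerShell sketch builds that list from the event metadata registered on the server itself and tags a reviewed subset as high priority. The IDs in `$HighPriorityIds` and the output file name are constructed placeholders.

```powershell
# Added example: catalogue Critical/Error event IDs for the Application log
# and tag a reviewed subset as high priority.
$LogName         = 'Application'
$HighPriorityIds = @(1000, 1002)   # constructed sample values; use your own reviewed list
$OutFile         = '.\application-error-event-ids.csv'   # hypothetical output path

# Providers registered to write to this log
$providers = (Get-WinEvent -ListLog $LogName).ProviderNames

$catalog = foreach ($name in $providers) {
    try {
        $meta = Get-WinEvent -ListProvider $name -ErrorAction Stop
    } catch {
        continue   # provider metadata missing or unreadable; skip it
    }

    foreach ($e in $meta.Events) {
        # Standard levels: 1 = Critical, 2 = Error
        if ($e.Level.Value -in 1, 2) {
            [pscustomobject]@{
                Provider    = $meta.Name
                EventId     = $e.Id
                Level       = $e.Level.DisplayName
                Priority    = if ($e.Id -in $HighPriorityIds) { 'High' } else { 'Normal' }
                Description = $e.Description
            }
        }
    }
}

# One row per provider/event ID, ready to review and to copy into a monitor's ID filter
$catalog |
    Sort-Object Provider, EventId |
    Export-Csv -Path $OutFile -NoTypeInformation
```

Providers that do not publish event metadata contribute no rows, so the CSV is a starting point for review rather than a complete list of everything that can appear in the log.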