Log File Policy - Entries exclusion
we have a log file entry policy that reads from the last modified log file in the logs folder , the policy matches the word "Error" in the log file entries and open an event after it found "Error" 5 times, we want to exclude multiple lines from being counted as it causes unneeded events , we found a solution to exclude one line by adding a suppress rule to match on the unwanted line , but when we try to exclude more than one line by adding more than suppress rule or adding the lines in one suppress rule with or condition , the result was random and the policy misbehave , Could anyone advise?
Did you try configure the policy to read from the last position instead from the beginning.
Edward Campos Monge.
Customer Support Engineer
If you find that this or any other post resolves your issue, please be sure to mark it as an accepted solution.
If you are satisfied with anyone’s response please remember to give them a KUDOS by clicking on the STAR at the bottom left of the post and show your appreciation.”
Yes i've tried to make it from last position and it didn't work also , did you tried before to add more than one supress rule and it worked normally?