Assistance with retrieving EventDescription info for Event Log monitoring

anthony strother 336 Reputation points
2022-11-21T14:57:17.227+00:00

Morning,
I setup a Windows Event Log monitor for Event ID 389, which is an AD FS Event ID. I setup the monitor as follows:
Event ID Contains 389
EventDescription Contains Additional Details:

Here is the info in the log for that Event ID. I need to capture the info after Additional Details:
262618-eventid389-ad-fs-2.png

Any and all assistance is greatly appreciated.
Tony

Operations Manager
Operations Manager
A family of System Center products that provide infrastructure monitoring, help ensure the predictable performance and availability of vital applications, and offer comprehensive monitoring for datacenters and cloud, both private and public.
1,442 questions
{count} votes

2 answers

Sort by: Most helpful
  1. SChalakov 10,371 Reputation points MVP
    2022-11-22T10:10:16.577+00:00

    Hi,

    can you please try and use EventDescription as an additional criteria, instead of Prameter 1, like described here:

    EVENT DESCRIPTION PATTERN MATCHING (WITH MINIMAL IMPACT)
    http://blog.scomskills.com/event-description-pattern-matching-with-minimal-impact/

    Can you please give it a go and let me know how it looks like?

    ----------

    (If the reply was helpful please don't forget to upvote and/or accept as answer, thank you)
    Regards
    Stoyan Chalakov

    1 person found this answer helpful.
    0 comments No comments

  2. anthony strother 336 Reputation points
    2022-11-22T13:48:41.727+00:00

    Morning and thank you. I will try that and post the result.

    0 comments No comments