Werk #19189: Windows Event Log monitoring: Extended filtering options
| Component | Checks & agents | ||
| Title | Windows Event Log monitoring: Extended filtering options | ||
| Date | Feb 25, 2026 | ||
| Level | Prominent Change | ||
| Class | New Feature | ||
| Compatibility | Compatible - no manual interaction needed | ||
| Checkmk versions & editions |
|
Windows Event Log monitoring now supports additional filtering options that allow users to restrict processed events by Event ID, Event Source, Event User, or message pattern using regular expressions. These filters can be configured and combined directly within the rule set at:
Setup → Agents → Windows, Linux, Solaris, AIX → Agent rules → Fine-tune Windows event log monitoring.
By actively configuring these filters, users can reduce noise from irrelevant events, target alerts more precisely, and improve monitoring accuracy, especially in large environments. If the new filters are not configured, existing monitoring behavior and alerting remain unchanged.