Windows Event Logs Alerts
I'm trying to parse down the amount of data in an alert message for a Windows event log. Is there any way of just parsing this
<@fld61:*PARMVAL(event_user)><@utcstamp:*UTC($MSG,'%B %D %N:%U:%O %W',datetime)><@groupid:*PARMVAL(user_id)><@username:*PARMVAL(group)><@category:Account_Management> <@event_user:*RMQ(event_user)><event_log>,<linenum>,<day> <datetime>,<event_id>,<event_source>,<event_user>,<event_type>,<event_computer>,<category>,<data>,<event_description>: <space> Member Name: <misc_name> Member ID: <misc_id> Target Account Name: <group> Target Domain: <domain> Target Account ID: <user_id> Caller User Name: <c_user_name> Caller Domain: <c_domain> Caller Logon ID <c_logon_id> Privileges: <privileges>
down to just a few of the variables? The alert goes out to an on-call phone and dealing with the wall of text is painful.
You could try just not putting the Message Text in the output action... you should be able to pick enough of the information to give the on-call person an idea about what the alert is about without sending all of the info.
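The trimming asked about above, sketched as an added example that is not part of the thread or of the product's own configuration: it assumes the raw event text can be passed through a script before it reaches the phone. Column and label names follow the parser definition in the question; the sample line, `parse_event` and `short_alert` are constructed for illustration.

```python
import re

# Header columns, in the order the parser definition in the question lists them.
HEADER = ["event_log", "linenum", "timestamp", "event_id", "event_source",
          "event_user", "event_type", "event_computer", "category", "data"]
# Labels from the same definition. "Caller Logon ID" has no colon there,
# so the colon is optional for every label.
LABELS = ["Member Name", "Member ID", "Target Account Name", "Target Domain",
          "Target Account ID", "Caller User Name", "Caller Domain",
          "Caller Logon ID", "Privileges"]
LABEL_RE = re.compile("(" + "|".join(map(re.escape, LABELS)) + r"):?\s*")

# Constructed sample line (not taken from the thread).
SAMPLE = ("Security,4521,Tue Mar 04 14:22:31 2008,636,Security,CORP\\jsmith,"
          "Success Audit,DC01,Account Management,,"
          "Security Enabled Local Group Member Added:   Member Name: -   "
          "Member ID: CORP\\bob   Target Account Name: Administrators   "
          "Target Domain: Builtin   Target Account ID: BUILTIN\\Administrators   "
          "Caller User Name: jsmith   Caller Domain: CORP   "
          "Caller Logon ID (0x0,0x2F1A3)   Privileges: -")

def parse_event(line):
    """Split the header columns, then cut the description tail at each label."""
    parts = line.split(",", len(HEADER))  # commas after the header stay in the tail
    if len(parts) != len(HEADER) + 1:
        raise ValueError("line does not have the expected header columns")
    event = dict(zip(HEADER, (p.strip() for p in parts)))
    tail = parts[-1]
    hits = list(LABEL_RE.finditer(tail))
    first = hits[0].start() if hits else len(tail)
    event["event_description"] = tail[:first].strip().rstrip(":")
    for i, m in enumerate(hits):
        stop = hits[i + 1].start() if i + 1 < len(hits) else len(tail)
        event[m.group(1)] = tail[m.end():stop].strip()
    return event

def short_alert(line, max_len=160):
    """Build a one-line summary that fits a pager or SMS message."""
    e = parse_event(line)
    member = e.get("Member Name", "-")
    if member in ("", "-"):  # no usable name: fall back to the Member ID field
        member = e.get("Member ID", "?")
    text = "%s %s on %s: %s -> %s by %s\\%s" % (
        e["event_id"], e["event_description"], e["event_computer"], member,
        e.get("Target Account Name", "?"),
        e.get("Caller Domain", "?"), e.get("Caller User Name", "?"))
    return text[:max_len]

if __name__ == "__main__":
    print(short_alert(SAMPLE))
```

The full event stays in the log store; only the summary goes to the on-call phone.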