My correlated alert uses a NOT LIKE comparison against the [CONTENT] variable of a message to take out messages during maintenance windows. This worked fine until a couple of weeks ago. I am not certain but it was about the time I put SP2 (before it was pulled) and the September ESU on my box. Maybe I have just gone nuts but if I have a NOT LIKE with .*/20..19|20|21|22):.* against the [CONTENT] variable envision should toss anything with a timestamp within the message like 10/15/2009:20:11:32 right?