Hi,
I am trying to create a rule to monitor errors in the event log but filter out those we know about.
Whenever I create an OR group followed by a series of AND groups, once I save it, it combines the first two AND groups and removes the OR.
I have completely different checks within each AND so it's not like they could be in the same AND group.
Help, it is making me go mad.

OR group (any of these are true)
    AND group (all of these are true)
        Event Level Equals Error
        EventID Equals 22
    AND group (all of these are true)
        Event Level Equals Information
        EventID Does not equal 11

Once saved, it becomes:

AND group (all of these are true)
    Event Level Equals Error
    EventID Equals 22
    Event Level Equals Information
    EventID Does not equal 11