Ah, just FYI, there seems to be multiple wildcard characters that have different behaviors (from what I am seeing in SCOM 2012 R2):
? - Any character # - Any digit * - Any character, 0 or more matches Beyond that, I'll step aside and let a more experienced person answer. Thanks, Geoff From: [email protected] [mailto:[email protected]] On Behalf Of Orlebeck, Geoffrey Sent: Wednesday, March 11, 2015 1:34 PM To: '[email protected]' Subject: [msmom] RE: SCOM Rule for Event Log Monitoring not working as expected I read the TechNet link you posted stating '*' is the wildcard character, but just to throw it out there, I am used to seeing the wildcard represented by '?' in SCOM 2012 R2. To qualify that, I've only setup wildcard matches for dynamically populating groups and not event log monitoring, so maybe they are different. I'm certainly no expert, but just a thought. Thanks, Geoff From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of Nelson, Geoffrey D Sent: Wednesday, March 11, 2015 1:27 PM To: [email protected]<mailto:[email protected]> Subject: [msmom] SCOM Rule for Event Log Monitoring not working as expected We are trying to monitor when someone who is not a Domain Admin creates a GPO whose name starts with a particular keyword (or when someone renames an existing GPO to start with this keyword.) All of our Domain Admins' user names begin with a common prefix, for example let's say DA-. I have created a Rule as seen below, but it will generate an alert even if the keyword appears anywhere in the name of the GPO, despite the configuration for Parameter 14 matches wildcard keyword*. According to everything I can find, this should work as I intend, and alert only when the GPO's name begins with the keyword, not when they keyword appears anywhere in the name. It is acting like I have set matches wildcard *keyword* when that is not what I have specified. "Matches wildcard - The string specified in Value matches the string including wildcard. The wildcard character is * and represents any number of characters." (Source: https://technet.microsoft.com/en-us/library/hh457585.aspx) Does anyone see anything wrong with the configuration as seen below? (I have verified that the parameters numbers are correct.) [cid:[email protected]] ------------------------------------------------ Geoff Nelson Lead Systems Administrator ITS - Systems Enterprise Systems Management Confidentiality Notice: This is a transmission from Community Hospital of the Monterey Peninsula. This message and any attached documents may be confidential and contain information protected by state and federal medical privacy statutes. They are intended only for the use of the addressee. If you are not the intended recipient, any disclosure, copying, or distribution of this information is strictly prohibited. If you received this transmission in error, please accept our apologies and notify the sender. Thank you. Confidentiality Notice: This is a transmission from Community Hospital of the Monterey Peninsula. This message and any attached documents may be confidential and contain information protected by state and federal medical privacy statutes. They are intended only for the use of the addressee. If you are not the intended recipient, any disclosure, copying, or distribution of this information is strictly prohibited. If you received this transmission in error, please accept our apologies and notify the sender. Thank you.
