Unofficial empeg BBS

#92654 - 08/05/2002 16:32 Any way to prevent certain event logs in NT?
tfabris
carpal tunnel

Registered: 20/12/1999
Posts: 31571
Loc: Seattle, WA
There are some apps which write useless crap to the Windows NT event log, and they are not configurable. However, there's also a lot of critical information that gets stored in the NT event log.

I know I can use filters when viewing the event log, but what I'd really like to do is figure out how to simply prevent certain events from getting logged at all, or to prevent certain processes from writing to the event log. That way, the log doesn't get filled up with useless crap and I don't have to filter each time I check my server event logs.

Anyone have any idea how to do this? I can't find anything at Microsoft's site.
_________________________
Tony Fabris

#92655 - 08/05/2002 16:46 Re: Any way to prevent certain event logs in NT? [Re: tfabris]
wfaulk
carpal tunnel

Registered: 25/12/2000
Posts: 16706
Loc: Raleigh, NC US
I don't think that there's any way to do exactly what you ask, but you might try investigating an Event Log to syslog gateway, as syslog can easily be configured to drop certain classes of information.
_________________________
Bitt Faulk

#92656 - 08/05/2002 17:11 Re: Any way to prevent certain event logs in NT? [Re: wfaulk]
tfabris
carpal tunnel

Registered: 20/12/1999
Posts: 31571
Loc: Seattle, WA
I was hoping for something simple that didn't involve redirecting or rewriting the log file....

I've found a couple of things which might help. I'm going to experiment with them:

- If the irritating app in question can be set to run under a different user name, I think you can set the security policy of that application in such a way so that it doesn't have the "Manage and audit logs" privilege.

- There is a setting under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application called "SOURCES" which has a list of services which can write to the log. If I'm lucky, simply deleting the offending app from this list will kill its ability to write to the log. Dunno yet, gotta experiment.
_________________________
Tony Fabris
