NTEVL Probe not generating alerts for events even though the ntevl.log shows the event.
In this example the Event is SUPPORT_TEST1 with EventID 510
Event.log:
ntevl: EvtFormatMessage failed: message or message id not found
ntevl: Error getting Task category for event DETAILS: Publisher: SUPPORT_TEST1 EventID: 510
ntevl: Level is :Warning
ntevl: updateRecord called Application 39166
ntevl: RecordHandler - log=0, count=0, number=39166
ntevl: Event excluded:Audit_Success :Application: 39166
Any NTEVL version
This issue is sometimes seen if the event in the profile is also configured in the NTEVL Exclude settings
**Review the ntevl log and look for "Event excluded" entries associated with the suspect Event
Example:
ntevl: Event excluded:Audit_Success :Application: 39166
**To resolve this issue, remove the target event from Exclude setting