On some machines we get more than 10.000 Application Information events every day. This makes review of the event log difficult as it's easy to miss events from other sources.
I guess the information could be useful in case of troubleshooting, but once the system is up and running, it's of no use.
Example from one machine that only has a "few":
Solved! Go to Solution.
Yes, you can run the sadmin command via a SC:Run Command client task (used for non-ePOmanaged policy/settings). In the client task, leave out the sadmin command (it's assumed); make sure your command is complete though (verify it does what you want on the client before running it via ePO client tasks).
Example:
event sink -r read_denied oslog
Yes you can modify "sadmin eventsink" if you want to remove differnt things from reporting where. But i would not really mess with that. What you really need to do is go through your events and exclude what you dont want to see.
Thanks.
I was able to remove the event in question on one client.
I guess it should be possible to run the sadmin CLI command from ePO to make the change on all my clients?
Yes, you can run the sadmin command via a SC:Run Command client task (used for non-ePOmanaged policy/settings). In the client task, leave out the sadmin command (it's assumed); make sure your command is complete though (verify it does what you want on the client before running it via ePO client tasks).
Example:
event sink -r read_denied oslog
Corporate Headquarters
6220 America Center Drive
San Jose, CA 95002 USA