I have NTEVL 3.85 running and created a couple of profiles to search for a particular Message String; all of the other fields are '*'.
I then went to the Alarm/Post tab and set the severity level to CRITICAL. When the alarm came in, it still came in at the severity level as defined in the Windows event log. I read through the help document and found the following:
"Note: The critical level is supported by Windows Server 2008 only."
However, I am running this probe on a Windows 2008 Server. For now I have a small script that runs in the NAS that escalates the event to CRITICAL severity from the NAS when it comes in, based on the message string (not tested yet, but I am hoping it works). The problem I have is that one of the profiles I created in NTEVL does not rely on a message string, just the fact that an event came from a specific source and has a specific event ID. The AO preprocessing does not have a field I can use for event ID or event source.
Any ideas? Should CRITICAL level be working?