I think I’m not alone in finding the Service Control Manager logs so many informational events as to make it hard to read the important events in the System Event logs on modern Windows systems.
I’ve used custom XPath queries of Event logs before, and decided to define a Custom view of the System event log that suppresses the events generated by the Service Control Manager that are in the Informational or Verbose catergories. Here’s the XML that defines this custom view:
<QueryList> <Query Id="0" Path="System"> <Select Path="System">*</Select> <Suppress Path="System">*[System[Provider[@Name='Service Control Manager'] and (Level=4 or Level=0 or Level=5)]]</Suppress> </Query> </QueryList>
References:
