In search of a possibility to prevent the flooding of the "Microsoft Office Alerts" event log with EventID 300 messages I found out, that there seems to be some kind of filter mechanism for events. I created a value FilterID under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\OAlerts and a corresponding key under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Filters\300: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Filters\300][HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\OAlerts] "FilterID"="300" This prevented Office from writing any events to the Microsoft Office Alerts event log. I found that there can be some more values below the ..Filters\<Keyname> key: Selectors and Suppressors with the type REG_MULTI_SZ (other types lead to error messages in eventvwr). Is there a documentation for these values?

Creating a Custom View or Filter Current Log do not prevent the writing of Events. They filter the log so that only those reports matching the selection criteria are displayed. Some logs contain reports for more than one Event ID. You can enter the Event ID numbers you wish to see displayed and the list (View) resulting excludes other Event ID contained in the log. You can create a Custom View by Source on Office Alerts e.g. I selected Outlook and the list only listed those relating to Outlook.Hope this helps, Gerry

I'm aware of the Custom View and Filter Current Log mechanisms. I wanted to prevent the creation of the events in the first place and discovered something that is not related to Custom View and Filter. I assume the purpose of WINEVT\Filters is only known to Microsoft.

You can disable certain logs.Hope this helps, Gerry