ProfessorRegarding this statement:
3) We intentionally removed the option to set a Level filter to Informational
You may or may not be aware that Windows logs some important issues as Informational events. See event ID Microsoft-Windows-Security-Auditing/4740 for one example, and this (to me) is sufficient to counter this design decision. OTOH, that one example may be better handled with a script eventsource, but the point is that it should be possible to do what is needed in the normal eventsource since Windows is not smart about how it handles some events. It should be hard to enable (Advanced?) but possible.
I would also add a related note that the current FILTEREDEVENTS property filter matches only event ID, not event source and event ID. The former is not necessarily unique across events. I think the filtering should be against the tuple of event source and event ID. Then if you really want just the ID, you can certainly say */nnnnn in the filter.
Regards,
Mark
