I may be missing something here, and if I am I apologize, but I would like the ability to apply stricter rules to event monitoring, such as...
- Change the title of "Source Folder" to "Windows Log Name" in the "Threshold Item Window". It's less confusing, as "Event Source" is another
- Specify the "Event Source", not the log name but the actual "Event Source", i.e. Log name="System" Event Source="Disk".
- Specify multiple "severity levels" so that critical and warning could be used instead of just one.
- Alert on all Event IDs that fall under an "Event Source" without the requirement that an ID be specified. Instead, allow event IDs to be excluded as well. That way you can receive all potential alerts under the "event source" but exclude those that are just noise.
- Finally, allow event log monitors to be grouped together and applied. In this way I could create several monitors, combine them into a group, and deploy and view them more easily.