Rules have been created to monitor for specific types of Application, System and Security based NT Events. Any Application or System based NT Event Rules properly trigger, however, no Security Event based Rules will trigger.
Security NT Event based Rules fail to trigger
The Security based NT Event is configured to trigger as defined by the following threshold criteria:
If LogFile = Security AND If EventId = 4953 AND If Source = Microsoft Windows Security Auditing
The value for the Source field is incorrect. The value shown is entered based on the format as shown in the Security Log:
The correct format for the Source Field value is Microsoft-Windows-Security-Auditing
Once this value has been changed accordingly, the Rule will properly trigger.
Monitor Solution 7.1.7580
Event Console 7.1.7580
Imported Document Id
This is machine translated content
Login to Subscribe
Please login to set up your
For security reasons, your link to this document has expired. Please click on the attachment link to access this file.
The attachment that you are looking for no longer exists.
There has been an issue retrieving your attachment. Please try again.
Currently server is down.
Didn't find the article you were looking for? Try these resources.