AD FS Auditing Events Dropping from Windows Pack

Question

The Microsoft Windows Events pack is currently dropping "SourceName=AD FS Auditing" events from the Security logs. I found the two lines that are not properly filtering the events.

Pipeline: Windows Classic Events, "Final Cleanup" lines 27 & 28, (Serialize & Eval).

I turned it off, but still working to get the events to not drop and convert to json.

Q: Wondering if this filter is currently being updated/corrected?

Jon Rust · Answer

There is an update to the Windows Pack coming soon. Big, enormous update. But just in case, if you could send a sample of the events being missed, Ill get with the Pack author (Amazin David Maislin) to make sure we handle this correctly. (DM in Slack would be best.)

Reply

Sign up

Login to the community

Scanning file for viruses.

This file cannot be downloaded