Hi there,
I hate to ask this but we are seeing inconsistent results on our WMI
connector to w2k3 DC. Some events are not making there way to Sentinel
7 though they are in the security log of the DC. We are only at a 4-5
EPS rate on any of the two DC's. No pre-filtering is being used on the
connector and no Sentinel routing rules are active that would drop
events. Should all events in the Security Event log be fair game to be
processed by the WECS server?

This was noticed during testing with intentional incorrect credentials
but not seeing the events in Sentinel. No errors in the swecs.log


kmaule's Profile: https://forums.netiq.com/member.php?userid=306
View this thread: https://forums.netiq.com/showthread.php?t=46223