I am attempting to test the built-in correlation rules and have
configured them with the proper Domain and UserNames in the dynamic
lists. I even got the rules to fire when I was using WMI to gather
logs. I recently switched to using Agent Manager and now I can't seem
to get any of my correlation rules to fire. I have undeployed and
redeployed and even restarted the whole machine. When I run tests
against the data from the rule interface it shows it should have fired,
but the rule isn't firing when the events come across. Is there
something different about how the events from Agent Manager are
processed over the WMI connector?


fevans's Profile: https://forums.netiq.com/member.php?userid=2603
View this thread: https://forums.netiq.com/showthread.php?t=48267