Using WECS to try and collect the logs from the NTLM Operational log. I
am successfully getting Security logs from WECS. So I configured my
Windows devices to log the 800X events to the NTLM logs and added the
following to EventLogQuery for the event source in question:
Microsoft-Windows-NTLM/Operational,"EventCode = 8001 OR EventCode = 8002
OR EventCode 8003 OR EventCode 8004"

I have restarted the event source in the ESM as well as the WECS service
account on the device to no effect. Like I said I am successfully
getting Security logs from this device, but I can't get this logging to
work. What might I be missing?


--
psmcgovern
------------------------------------------------------------------------
psmcgovern's Profile: https://forums.netiq.com/member.php?userid=5730
View this thread: https://forums.netiq.com/showthread.php?t=55059