I have been trying to configure the Syslog viewer to give me some events on Active Directory changes (account create/delete, OU create/delete, etc.). It works pretty well, but I have noticed that some events that appear in plain text within the Windows Event Viewer end up looking like this: "a1990816-4298-11d1-ade2-00c04fd8d5cd". That string of characters, when viewed in the Windows Event Log, says "Replication Synchronization".
Is this just a shortcoming of any Syslog interpreter, or do I have something misconfigured on the SolarWinds Log Forwarder (I have the facility set to User)?
Where this is a problem is for the deletion of an OU. When I create an OU, the message from the DC tells me the exact name and location. But when I delete it, the only indicator that something happened is text that has "%DELETE".
Any thoughts on this?