I'm trying to use the WindowsEventForwarder with a Windows Server2000 running Cisco Call Manager 4.1 which also runs the Cisco Security Agent. I disabled the CSagent, installed the WindowsEventForwarder, and then re-enabled the CSagent. However, the CSagent prevents the eventsyslogger.exe from calling the LoadLibraryExW function. i.e.: "The process 'c:\program files\solarwinds\windows event log forwarder\eventsyslogger.exe' (as user NT AUTHORITY\SYSTEM) attempted to call the function LoadLibraryExW("C:\WINNT\System32\MsAuditE.dll") from a buffer (the return address was 0x54b94c). The code at this address is '50c64304 00f6031f 75308b46 08ff5008 50e820c9 027c8943 7458c643 0401833d' This either happens when a process uses self-modifying code or when a process has been subverted by a buffer overflow attack. The operation was denied."
Has anyone else seen this problem? Is there a work-around or config change to CSagent to allow this?
-thanks
