I installed the tool on a Windows 2012 R2 server. Set up the subscription (Basic events: Application, System, Security). Logs are going to my Solarwinds Orion syslog server (which we paid for). I can see the logs in the syslog server, but I don't get the expected info I want. I get the following info from the logs:
<Servername> MSWinEventLog 6 System 9389 Tue Apr 24 15:14:38 2018 7036 Service Control Manager N/A Information <Servername> 0 The description for Event ID 7036 from source Service Control Manager cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.If the event originated on another computer, the display information had to be saved with the event.The following information was included with the event: Windows Update. FormatMessage failed with error 15033, The locale specific resource for the desired message is not present.
OR
<Servername> MSWinEventLog 5 Security 9387 Tue Apr 24 15:08:08 2018 4624 Microsoft-Windows-Security-Auditing N/A Audit Success <Servername> 12544 The description for Event ID 4624 from source Microsoft-Windows-Security-Auditing cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.If the event originated on another computer, the display information had to be saved with the event.The following information was included with the event: S-1-0-0. FormatMessage failed with error 1815, The specified resource language ID cannot be found in the image file.
OR
<Servername> MSWinEventLog 6 System 9374 Tue Apr 24 14:54:35 2018 16 Microsoft-Windows-Kernel-General S-1-5-18 N/A Information <Servername> 0 The description for Event ID 16 from source Microsoft-Windows-Kernel-General cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.If the event originated on another computer, the display information had to be saved with the event.The following information was included with the event: 33. FormatMessage failed with error 15100, The resource loader failed to find MUI file.
I get different severity levels (Info, Notice, Warning) but the same error messages.
Any ideas?