This discussion has been locked. The information referenced herein may be inaccurate due to age, software updates, or external references.
You can no longer post new replies to this discussion. If you have a similar question you can start a new discussion in this forum.

Event Log Forwarder - Where is the Audit Failure Type?

Hi There,

I'm trialing Kiwi Syslog and I'm having trouble with the Log Forwarder and Security Event Log.  When I click on the Security Log I don't see Audit Success or Audit Failure as an event type.  It just has Error, Warning and Information.  If I manually edit the CFG file and add <int>16</int> it works, but then it gets overwritten if I make a change.  Am I doing something wrong?  How can I see Audit Failure as an Event Type?

Thanks,

Parents
  • Because of changes in the security event logs starting with Windows 2008, you will find these options under the Keywords section:

    lf.JPG

  • I have my client setup exactly like that and it doesn't seem to work.  In fact, when I setup a subscription for the Security log the service won't start.  If I delete the subscription it starts again.  Application and System logs work perfectly.

    Here is the error message I get when the service won't start.

    3/19/2015 9:54:38 AM - Unable to setup Windows Event Log subscribers.  Subscribe failed with error 15001, The specified query is invalid.

    3/19/2015 9:54:38 AM - Server Initialization Failed.  See previous event messages for reason.

    3/19/2015 9:54:38 AM - SolarWinds Event Log Forwarder for Windows; Service Stopped.

Reply
  • I have my client setup exactly like that and it doesn't seem to work.  In fact, when I setup a subscription for the Security log the service won't start.  If I delete the subscription it starts again.  Application and System logs work perfectly.

    Here is the error message I get when the service won't start.

    3/19/2015 9:54:38 AM - Unable to setup Windows Event Log subscribers.  Subscribe failed with error 15001, The specified query is invalid.

    3/19/2015 9:54:38 AM - Server Initialization Failed.  See previous event messages for reason.

    3/19/2015 9:54:38 AM - SolarWinds Event Log Forwarder for Windows; Service Stopped.

Children