Problem logging Event ID in Solar Winds

So I have something that's really puzzling me here, I have GPO Auditing rolled out across our DC's and I've configured Solar Winds to collect and tag events based on Event id. 

This is all good for group members being added, or removed along with a load of other things being captured, but for some reason it will not capture event id's relating to group policy, even though I can see those events in the event viewer itself, I  just don't get why. 

I've configured these under custom rules, everything seems to work but the the group policy stuff, I can there is pre-processing and postprocessing rules, I am not sure how they work and if the reason it's not working is somehow related to me not configuring anything in there?

Parents
  • The issue you're facing with SolarWinds not capturing group policy event IDs might stem from misconfigured pre/post-processing rules. These rules could be unintentionally filtering out group policy events. Ensure that custom rules include the correct event IDs for group policy. Also, verify that nothing in the pre/post-processing, such as event exclusions, is affecting the capture. If you're also working with media or editing apps like Capcut, ensure those configurations are similarly adjusted to avoid filtering out important data. Double-checking all these settings should resolve the issue.

Reply
  • The issue you're facing with SolarWinds not capturing group policy event IDs might stem from misconfigured pre/post-processing rules. These rules could be unintentionally filtering out group policy events. Ensure that custom rules include the correct event IDs for group policy. Also, verify that nothing in the pre/post-processing, such as event exclusions, is affecting the capture. If you're also working with media or editing apps like Capcut, ensure those configurations are similarly adjusted to avoid filtering out important data. Double-checking all these settings should resolve the issue.

Children
No Data