I'm required to alert on Security Event Log ID: 517 , audit log clearing events, and for some reason they are not forwarded using the event log forwarder. I verified the security log is set to be forwarded. I map a drive to to the system to create security events and I see them in the syslog viewer and on orion portal. I clear the log without saving, causing a 517 event in the security event log, but that single event is never forwarded. It allows individuals to cover their tracks without notification. Has anyone else experienced this issue?
SolarWinds solutions are rooted in our deep connection to our user base in the THWACK® online community.
More than 150,000 members are here to solve problems, share technology and best practices, and directly
contribute to our product development process.
Learn more today by joining now.