cancel
Showing results for 
Search instead for 
Did you mean: 
Create Post

Events from Event Log Forwarder

Good day!

Does anyone know why and how to get Windows Active Directory events from the Event Log Forwarder to show up in the SEM Console under All Events or anywhere there? The Active Directory events do get forwarded to a the SEM database but they do not show up in the SEM Console under Filters.  We created a filter to monitor AD Events such as 4625 or 4740 and don't see it anywhere on the SEM Console.

 

Thank you!

 

0 Kudos
3 Replies

Hello,

In the SEM Filters, you can see only the normalised events. The forwarded logs are the raw logs which are not displayed. You can find more here https://documentation.solarwinds.com/en/success_center/SEM/content/Admin_Guide/New_In_6_5/SEM-Log-Fo...

I hope this helps.

 

0 Kudos

Hi Vitezslav,

Just seeing your response.

Well, we want SEM to normalized those logs instead of forwarding them elsewhere.  We want to use SEM to be able to filter them.  How can do do that? 

 

Thank you!

0 Kudos

I see. It might happen that those events are "Unmatched" events that we can not normalize. If there is not such an event, SEM does not process them at all. The best you can do, open a support ticket. They will guide you through the process that is very smooth. We would need the exported Event from Filter for the "Unmatched" events. Or the source file if there are no events at all.  

0 Kudos