Does anyone know why and how to get Windows Active Directory events from the Event Log Forwarder to show up in the SEM Console under All Events or anywhere there? The Active Directory events do get forwarded to a the SEM database but they do not show up in the SEM Console under Filters. We created a filter to monitor AD Events such as 4625 or 4740 and don't see it anywhere on the SEM Console.
In the SEM Filters, you can see only the normalised events. The forwarded logs are the raw logs which are not displayed. You can find more here https://documentation.solarwinds.com/en/success_center/SEM/content/Admin_Guide/New_In_6_5/SEM-Log-Fo...
I hope this helps.
Just seeing your response.
Well, we want SEM to normalized those logs instead of forwarding them elsewhere. We want to use SEM to be able to filter them. How can do do that?
I see. It might happen that those events are "Unmatched" events that we can not normalize. If there is not such an event, SEM does not process them at all. The best you can do, open a support ticket. They will guide you through the process that is very smooth. We would need the exported Event from Filter for the "Unmatched" events. Or the source file if there are no events at all.
SolarWinds solutions are rooted in our deep connection to our user base in the THWACK® online community. More than 150,000 members are here to solve problems, share technology and best practices, and directly contribute to our product development process.