Welcome Serena Central users! CLICK HERE
The migration of the Serena Central community is currently underway. Be sure to read THIS MESSAGE to get your new login set up to access your account.
Highlighted
Dreyk
New Member.
130 views

Full properties of Security log

Hello.

I have noticed that Microsoft Windows EventLog_Native connector didn't parse full properties for an event.

For example, 

- EventData

SubjectUserSid S-x-x-xxxxxxx
SubjectUserName Contoso_user
SubjectDomainName Contoso
SubjectLogonId 0x111111
ObjectServer DS
ObjectType %{GUID1}
ObjectName %{GUID2}
OperationType Object Access
HandleId 0x0
AccessList %%xxxx
AccessMask 0x1111
Properties %%xxxx {GUID3} {GUID4} {GUID1}
AdditionalInfo -
AdditionalInfo2

From Here I see in event viewer GUID1 and GUID2 but I can't see GUID4 and GUID3 from properties.

How can add GUID3 and GUID4 to parser to see in EV?

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.