cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

AD Path Eventlog Only Scanning

mrdaytrade
Engaged Sweeper III
Under Scanning, Scanning Targets, I have Active Directory Path(Eventlog only) enabled pointing at our Domain Controller OU. It's set to run every 15 minutes. I have 23 DCs that get scanned. I'm looking for Microsoft-Windows-Security-Auditing 4729. This is to detect when a member is removed from a security-enabled global group. I've noticed that some 4729 events are not getting logged by Lansweeper on different DCs, even though the event is there if I check the DCs event log on the server itself just to make sure it's not getting overwritten. Performing a manual scan does not help either. The event log is getting scanned as I can see recent dates and times when I am on the asset page, event log tab, Event Source (All Sources). It just seems to be hit or miss for the Microsoft-Windows-Security-Auditing events.


All DCs are VMs Win 2012 R2 x64. EventID 4729 is not in the Scanning Exclusion list as it is getting picked up on some DCs, but not always. To complicate it even more, on that same DC, a new EventID 4729 will get picked up in a future scan, but miss ones that were only an hour earlier.


Thanks for your help.
Anthony
0 REPLIES 0