We have Windows Event Collection working, with a few issues as below. Wondering if anyone can help us: what could we do about this?
1) When I looked at the collector, the events are not recorded exactly the same and some are replaced with the code number. Then when I go back to the client, the client has the full information.
Events on Collector
10/11/2013 08:13:03 AM
LogName=Microsoft-Windows-AppLocker/EXE and DLL
SourceName=Microsoft-Windows-AppLocker
EventCode=8004
EventType=2
Type=Error
ComputerName= hostname
User=mmurtrie
Sid=S-1-5-21-948756243-734778046-674738317-13796
SidType=1
TaskCategory=None
OpCode=Info
RecordNumber=95132
Keywords=None
Message=%11 was prevented from running.
Event on Client (Server)
Log Name: Microsoft-Windows-AppLocker/EXE and DLL
Source: AppLocker
Event ID: 8004
Level: Error
User: domain\username
OpCode: Info
Logged: 11/10/2013 8:13:03 AM
Task Category: None
Keywords:
Computer: hostname
Message: %SYSTEM32%\CMD.EXE was prevented from running.
2) On the Collector server, events are not displaying correctly
The description for Event ID 16397 from source NfsClnt cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.
If the event originated on another computer, the display information had to be saved with the event.
The following information was included with the event:
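A way to measure how many collected events are affected by the two symptoms above, as an added example that is not part of the original post: it scans key=value event lines of the kind shown under "Events on Collector" and flags messages that still contain an unfilled `%N` placeholder or the "description ... cannot be found" text. The function names are hypothetical, and the sample lines are constructed from the post's output (shortened, with made-up record numbers and an assumed LogName for the second event).

```python
import re

# Constructed sample lines, shortened from the collector output in the post.
SAMPLE_EVENTS = [
    "10/11/2013 08:13:03 AM LogName=Microsoft-Windows-AppLocker/EXE and DLL "
    "EventCode=8004 RecordNumber=95132 Message=%11 was prevented from running.",
    "10/11/2013 08:14:10 AM LogName=System EventCode=16397 RecordNumber=95140 "
    "Message=The description for Event ID 16397 from source NfsClnt cannot be found.",
    "10/11/2013 08:15:22 AM LogName=Microsoft-Windows-AppLocker/EXE and DLL "
    "EventCode=8004 RecordNumber=95141 Message=%SYSTEM32%\\CMD.EXE was prevented from running.",
]

KEY = re.compile(r"(?:^|\s)([A-Za-z]+)=")
# Matches an insertion placeholder such as %11, but not %SYSTEM32% or %%1234.
PLACEHOLDER = re.compile(r"(?<![%\w])%\d+(?![\w%])")
NO_DESCRIPTION = re.compile(r"The description for Event ID \d+ from source .+ cannot be found")


def parse_event(line):
    """Split one key=value event line; values may contain spaces."""
    fields, matches = {}, list(KEY.finditer(line))
    for i, m in enumerate(matches):
        if m.group(1) == "Message":  # last field; may itself contain '='
            fields["Message"] = line[m.end():].strip()
            break
        end = matches[i + 1].start() if i + 1 < len(matches) else len(line)
        fields[m.group(1)] = line[m.end():end].strip()
    return fields


def rendering_problem(fields):
    """Return why Message was not rendered on the collector, or None."""
    msg = fields.get("Message", "")
    if NO_DESCRIPTION.search(msg):
        return "description-not-found"
    hit = PLACEHOLDER.search(msg)
    return "unresolved-placeholder " + hit.group(0) if hit else None


def audit(lines):
    """Return (RecordNumber, EventCode, problem) for each badly rendered event."""
    parsed = [(f, rendering_problem(f)) for f in map(parse_event, lines)]
    return [(f.get("RecordNumber"), f.get("EventCode"), p) for f, p in parsed if p]


if __name__ == "__main__":
    for finding in audit(SAMPLE_EVENTS):
        print(*finding)
```

Grouping the findings by EventCode shows which event sources lose their message text on the collector, which matters for AppLocker 8004 because the blocked path is the field a detection would key on.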