none
Sysmon and events are showing the old IP after changing the IP address RRS feed

  • Question

  • Dears,

    I am running SYSMON on windows machines.

    I noticed that when I change the IP address the SYSMON and Event Viewer logs are showing the old IP as Originating Computer and not the new configured IP.

    I faced this problem on windows7 and windows10

    Any idea how to fix this issue?

    Regards

    Nabil

    Monday, January 20, 2020 8:46 AM

All replies

  • I can't repro..

    WIndows 10 VM completely patched, SYsmon 10.42

    Started with th eDHCP address 192.168.0.124

    Moved to a fixed IP address 192.168.0.200

    Then back to DHCP

    As you can see I get all the correct data and IP address..

    What OS are you running on? what version of Sysmon are you running?

    HTH
    -mario

    Tuesday, January 21, 2020 12:57 PM