No Log forwarding after upgrade to Sysmon v9.01

  • Question

  • Hi,

    I've recognized that I don't get logs in my SIEM after the update to Sysmon v9.

    I'm doing these steps:

    1. C:\Windows\sysmon64 -u to uninstall the current installation
    2. C:\New\sysmon64 -i for installation of the latest version
    3. sysmon64 -c config.xml for configuration

    After this, I see that Sysmon is still writing events to the Sysmon Event Log, but the SIEM agent doesn't forward them. After a restart of the Windows Event Service, and sometimes additionally a restart of the SIEM agent, events are collected again.

    I only have this issue with Sysmon v9.01.

    Do you have any idea? 

    Thanks in advance.

    Monday, May 27, 2019 1:54 PM