Security NT Event based Rules fail to trigger

Article:TECH192225  |  Created: 2012-07-02  |  Updated: 2012-07-02  |  Article URL
Article Type
Technical Solution


Rules have been created to monitor for specific types of Application, System and Security based NT Events. Any Application or System based NT Event Rules properly trigger, however, no Security Event based Rules will trigger.


Security NT Event based Rules fail to trigger


Monitor Solution 7.1.7580

Event Console 7.1.7580







The Security based NT Event is configured to trigger as defined by the following threshold criteria:

If LogFile = Security AND If EventId = 4953 AND If Source = Microsoft Windows Security Auditing

The value for the Source field is incorrect. The value shown is entered based on the format as shown in the Security Log:





The correct format for the Source Field value is   Microsoft-Windows-Security-Auditing

Once this value has been changed accordingly, the Rule will properly trigger.


Article URL

Terms of use for this information are found in Legal Notices