Security NT Event based Rules fail to trigger

Article:TECH192225  |  Created: 2012-07-02  |  Updated: 2012-07-02  |  Article URL http://www.symantec.com/docs/TECH192225
Article Type
Technical Solution


Issue



Rules have been created to monitor for specific types of Application, System and Security based NT Events. Application and System based NT Event Rules trigger properly; however, no Security Event based Rules trigger.


Error



Security NT Event based Rules fail to trigger


Environment



Monitor Solution 7.1.7580

Event Console 7.1.7580


Cause



The Security based NT Event is configured to trigger as defined by the following threshold criteria:

If LogFile = Security AND If EventId = 4953 AND If Source = Microsoft Windows Security Auditing

The value for the Source field is incorrect. It was entered in the format displayed in the Security Log.


Solution



The correct format for the Source Field value is Microsoft-Windows-Security-Auditing

Once this value has been changed accordingly, the Rule will properly trigger.
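
To see which Source string an event record actually carries, read it from the event's XML instead of the Event Viewer display. The PowerShell below is an added example, not part of the original article or of Monitor Solution. The sample event is constructed, Test-NtEventRule is a hypothetical helper, and it assumes the Rule compares each criterion to the event field as a plain string.

```powershell
# Added example, not Symantec code. Test-NtEventRule is a hypothetical helper.
# Assumption: the Rule compares each criterion to the event field as a string.

# Rule criteria as written in the Cause section.
$rule = @{ LogFile = 'Security'; EventId = '4953'
           Source  = 'Microsoft Windows Security Auditing' }

# Constructed sample event, trimmed to the fields the Rule uses. On a live host:
#   (Get-WinEvent -FilterHashtable @{LogName='Security'; Id=4953} -MaxEvents 1).ToXml()
$sampleXml = @'
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Security-Auditing" />
    <EventID>4953</EventID>
    <Channel>Security</Channel>
  </System>
</Event>
'@

function Test-NtEventRule {
    param([string]$EventXml, [hashtable]$Rule)
    $sys = ([xml]$EventXml).Event.System
    # What the event record itself carries, independent of Event Viewer's display.
    $actual = @{
        LogFile = $sys['Channel'].InnerText
        EventId = $sys['EventID'].InnerText
        Source  = $sys['Provider'].GetAttribute('Name')
    }
    # One row per criterion, so the failing term of the AND is visible.
    foreach ($name in 'LogFile', 'EventId', 'Source') {
        [pscustomobject]@{
            Criterion  = $name
            RuleValue  = [string]$Rule[$name]
            EventValue = $actual[$name]
            Matches    = ([string]$Rule[$name] -eq $actual[$name])
        }
    }
}

# Evaluate the Rule as written in the Cause section.
Test-NtEventRule -EventXml $sampleXml -Rule $rule | Format-Table -AutoSize

# Re-evaluate with the Source value given in the Solution section.
$rule.Source = 'Microsoft-Windows-Security-Auditing'
Test-NtEventRule -EventXml $sampleXml -Rule $rule | Format-Table -AutoSize
```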

 



