Windows Eventlog - registry ref objects do not resolve


#1 mwber1

I am new and I apologize in advance if this question has been asked already.

Problem:

I am using nxlog to forward Windows eventlogs (JSON format) to a central logging system.

Not all objects are resolved in the message … example.

Object:
    Object Server: DS
    Object Type: %{e0fa1e8c-9b45-11d0-afdd-00c04fd930c9}
    Object Name: %{cc0985a1-b646-4957-bb95-ac8fe9ad147a}

Question:

Is that normal or is there something I can do to resolve those references?

#2 adm Nxlog ✓

The NXLog EE has an option to resolve SIDs, that's pretty similar to this one. Not sure if that lookup would handle these object references as these look like a GUID. Do you know if these objects are supposed to be looked up from AD?

When you check the message in Event Viewer does it show the object references properly resolved?
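An added example, not part of the thread and not NXLog code: a post-processing step on the receiving side that replaces `%{GUID}` references in forwarded JSON events with names from a lookup table. It assumes the GUIDs do correspond to AD objects and that their names and raw GUID attribute bytes have already been exported from the directory; the name `EXAMPLE-CLASS-NAME`, the `RecordNumber` field and the sample event line are constructed.

```python
import json
import re
import uuid

# Matches the unresolved references seen in the event text: %{GUID}
GUID_REF = re.compile(
    r"%\{([0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12})\}")


def build_lookup(directory_rows):
    """Map GUID string -> name from (name, raw 16-byte GUID) pairs.

    AD returns GUID attributes as 16 bytes in Microsoft's mixed-endian
    layout, so bytes_le is needed to get the text form used in events.
    """
    return {str(uuid.UUID(bytes_le=raw)): name for name, raw in directory_rows}


def resolve_refs(text, lookup):
    """Replace known %{GUID} references; leave unknown ones untouched."""
    return GUID_REF.sub(
        lambda m: lookup.get(m.group(1).lower(), m.group(0)), text)


def resolve_event(line, lookup):
    """Resolve references in every string field of one JSON event line."""
    event = json.loads(line)
    return {k: resolve_refs(v, lookup) if isinstance(v, str) else v
            for k, v in event.items()}


# Constructed directory export: placeholder name, GUID as raw attribute bytes.
SAMPLE_ROWS = [
    ("EXAMPLE-CLASS-NAME", bytes.fromhex("8c1efae0459bd011afdd00c04fd930c9")),
]
# Constructed event line using the two references from the question.
SAMPLE_LINE = json.dumps({
    "RecordNumber": 1,
    "Message": "Object Server: DS "
               "Object Type: %{e0fa1e8c-9b45-11d0-afdd-00c04fd930c9} "
               "Object Name: %{cc0985a1-b646-4957-bb95-ac8fe9ad147a}",
})

if __name__ == "__main__":
    print(json.dumps(resolve_event(SAMPLE_LINE, build_lookup(SAMPLE_ROWS))))
```

References that are missing from the lookup are passed through unchanged, so an incomplete export never drops or mangles the original value.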