I'm trying to collect EventID 4624 and 4634 for Logon Type 10, to store RDP access to my 2 Domain Controllers.

• same Windows version (2012 R2)
• same audit config in windows
• same NXlog version installed (community edition)
• same nxlog.conf file

My issue:

• from DC 1 I'm getting both 4624 and 4634
• from DC 2 I'm getting only 4634 :(

Additional info:

• in windows Event Viewer I have my 4624 in DC2 ...
• reinstalled nxlog
• rebooted my DC
• DEBUG level in nxlog but no evidence of problem

Thx a lot for your support, Benno