Strange behaviour with 4624 and 4634 EventID
benno
I'm trying to collect EventID 4624 and 4634 for Logon Type 10, to store RDP access to my 2 Domain Controllers.
- same Windows version (2012 R2)
- same audit config in Windows
- same NXLog version installed (Community Edition)
- same nxlog.conf file
My issue:
- from DC 1 I'm getting both 4624 and 4634
- from DC 2 I'm getting only 4634 :(
Additional info:
- in Windows Event Viewer I have my 4624 in DC2 ...
- reinstalled NXLog
- rebooted my DC
- DEBUG level in NXLog but no evidence of a problem
Thx a lot for your support, Benno