My client uses a UF to forward data from a Windows 2000 server. They are trying to collect WinEvents.
The collection itself seems to work, but we only see Application logs in Splunk. For both other event logs we get:
WinEventLogChannel - init: Failed to bind to DC, dc_bind_time=9047 msec
WinEventLogChannel - Initialized Windows Event Log='Security' Success; oldest_rec_id='0'; newest_rec_id='0'; total_rec='0'
Which actually means that Splunk cannot find any logs, but why?
IMHO it's not supported
Thanks for your comment. I read something similar, but I also read that forwarding at least should work. As I said, we are only receiving Application logs from that host - this works fine. But there are no Security or System logs. (inputs.conf is fine)