No Event Code 1024 appear

g_paternicola · ‎10-25-2021

Hello everyone,

I have the following inputs.conf file which is actually working for the first 2 stanza, but not for the third one. could someone please tell me why? I do not get any events from them.

[WinEventLog://Security]
disabled = 0
renderXml = 1
start_from = oldest
current_only = 0
evt_resolve_ad_obj = 1
checkpointInterval = 5
sourcetype = XmlWinEventLog
index = ad
whitelist1=4624,4769,4728,4732,4756,4761,4751,4746

# This stanza will send all events for the event_code 21
[WinEventLog://Microsoft-Windows-TerminalServices-LocalSessionManager/Operational]
disabled = 0
renderXml = 1
sourcetype = XmlWinEventLog
index = ad
source="XmlWinEventLog:Microsoft-Windows-TerminalServices-LocalSessionManager/Operational"
whitelist2=21

# This stanza will send all events for the event_code 1024
[WinEventLog://Microsoft-Windows-TerminalServices-RemoteConnectionManager/Operational]
disabled = 0
renderXml = 1
sourcetype = XmlWinEventLog
index = ad
source="XmlWinEventLog:Microsoft-Windows-TerminalServices-RemoteConnectionManager/Operational"
whitelist3=1024

Thank you very much for helping me!

No Event Code 1024 appear

Application management with Targeted Application Install for Victoria Experience

Index This | What goes up and never comes down?

Splunkers, Pack Your Bags: Why Cisco Live EMEA is Your Next Big Destination

Join the Conversation

No Event Code 1024 appear

Application management with Targeted Application Install for Victoria Experience

Index This | What goes up and never comes down?

Splunkers, Pack Your Bags: Why Cisco Live EMEA is Your Next Big Destination