The description for Event ID from source Microsoft-Windows-Security-Auditing cannot be found


The description for Event ID from source...

geneva

After setting up supercharger, and subscription is health, I got below errors on all forwarded event in the event viewer:
The description for Event ID from source Microsoft-Windows-Security-Auditing cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.

Can you help me with this please? 
Tamas Lengyel

geneva - 11/17/2020
After setting up supercharger, and subscription is health, I got below errors on all forwarded event in the event viewer:
The description for Event ID from source Microsoft-Windows-Security-Auditing cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.

Can you help me with this please? 

Microsoft says at https://docs.microsoft.com/en-us/windows/security/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection#what-format-is-used-for-forwarded-events
WEF has two modes for forwarded events. The default is “Rendered Text” which includes the textual description of the event as you would see it in Event Viewer. This means that the event size is effectively doubled or tripled depending on the size of the rendered description. The alternative mode is“Events” (also sometimes referred to as “Binary” format) – which is just the event XML itself sent in binary XML format (as it would be written to the evtx file.)
In Supercharger, you can change the Content Format in the Subscription Policy. Default and recommended value is RenderedText.

GO


Similar Topics


Reading This Topic


Login
Existing Account
Email Address:


Password:


Select a Forum....








LOGbinder Forum


Search