One of the events I have HostMonitor logging is changes to Security groups, such as when a member is added or removed. However some of the fields aren't resolving.
For example:
Code: Select all
Security Enabled Global Group Member Added:
Member Name: CN=Connie Smith,OU=users,DC=abcd,DC=com
Member ID: %{S-1-5-21-1001151481-496192404-929701000-3312}
Target Account Name: Downtown Users
Target Domain: ABCD
Target Account ID: %{S-1-5-21-1001151481-496192404-929701000-5845}
Caller User Name: administrator
Caller Domain: ABCD
Caller Logon ID: (0x0,0x1975460)
Privileges: -
Any idea why those aren't resolving properly? They show up correctly in the event log. It seems like any event with an "ID" field has that problem. I am using the %Reply% varaible, but %NTEventText% has the same problem.
HostMonitor 6.24 on XP with Server 2003 MsAuditE.dll in the DLL folder. The servers the events are being generated on are Server 2003.
Thanks