NT Event log - Group event problems

All questions related to installations, configurations and maintenance of Advanced Host Monitor (including additional tools such as RMA for Windows, RMA Manager, Web Servie, RCC).
Post Reply
nate-boit
Posts: 33
Joined: Thu Sep 28, 2006 2:50 pm

NT Event log - Group event problems

Post by nate-boit »

Hello again.

One of the events I have HostMonitor logging is changes to Security groups, such as when a member is added or removed. However some of the fields aren't resolving.

For example:

Code: Select all

Security Enabled Global Group Member Added:
Member Name: CN=Connie Smith,OU=users,DC=abcd,DC=com
Member ID: %{S-1-5-21-1001151481-496192404-929701000-3312}
Target Account Name: Downtown Users
Target Domain: ABCD
Target Account ID: %{S-1-5-21-1001151481-496192404-929701000-5845}
Caller User Name: administrator
Caller Domain: ABCD
Caller Logon ID: (0x0,0x1975460)
Privileges: -
Whereas the Member id should be something like "ABCD\csmith" and the Target Account ID should be something like "ABCD\DowntownUsers"

Any idea why those aren't resolving properly? They show up correctly in the event log. It seems like any event with an "ID" field has that problem. I am using the %Reply% varaible, but %NTEventText% has the same problem.

HostMonitor 6.24 on XP with Server 2003 MsAuditE.dll in the DLL folder. The servers the events are being generated on are Server 2003.

Thanks
KS-Soft
Posts: 13012
Joined: Wed Apr 03, 2002 6:00 pm
Location: USA
Contact:

Post by KS-Soft »

HostMonitor does not resolve GUIDs and registry keys. Should it? Ok, we can implement that in future versions...

Regards
Alex
Post Reply