2018-05-22 06:48 AM
Hi,
we have an issue with log collection of events for the domain controller's longest logs (e.g. 5136); the log seems to be truncated at 1K length.
During configuration of log collection we followed the guide and decided to use winrm.
Here is a log truncation example:
%NICWIN-4-Security_5136_Microsoft-Windows-Security-Auditing: Security,rn=4801975039 cid=10592 eid=704,Tue May 22 10:00:43 2018,5136,Microsoft-Windows-Security-Auditing,,Audit Success,host001.company.it,Directory Service Changes,,A directory service object was modified. Subject: Security ID: S-1-5-21-199485690-3798236883-1769567645-21634 Account Name: host001$ Account Domain: company Logon ID: 0x560110035 Directory Service: Name: company.it Type: Active Directory Domain Services Object: DN: CN=Will Smith,OU=Contacts,DC=companyDC,DC=it GUID: {4D783A45-CBF2-4DA9-9613-C83C02896ED8} Class: contact Attribute: LDAP Display Name: policiesIncluded Syntax (OID): 2.5.5.12 Value: {26491cfc-9e50-4857-861b-0cb8df22b5d7} Operation: Type: Value Deleted Correlation ID: {7E6D4B7E-00D9-4B77-942B-4EF5F0164AFC} Application Correlation ID: -
Did you have the same issue? Is it a collection-related problem or Active Directory related?
Thanks
2018-05-22 07:03 AM
I know there is a bug that is causing this in Windows 2008. Are you using this version?
2018-05-22 07:05 AM
Hi Hamed, exactly, we have this version.
Is there any fix/workaround that we can put in place?
Thank you
2018-05-22 07:11 AM