I'm curious to see if you have any ideas why this provider, Microsoft-Windows-Security-Auditing (aka EventLog-Security, aka the Security log), won't work with sealighter. I don't see any events when running this config:
```json
{
    "session_properties": {
        "session_name": "My-Process-Trace",
        "output_format": "event_log",
        "buffering_timout_seconds": 10
    },
    "user_traces": [
        {
            "trace_name": "mystuff",
            "provider_name": "Microsoft-Windows-Security-Auditing"
        }
    ],
    "kernel_traces": [ ]
}
```
I've tried Microsoft-Windows-Security-Auditing, EventLog-Security, Security and {54849625-5478-4994-a5ba-3e3b0328c30d}; none produces events. Supplying EventLog-Security or Security in the provider name just produces a "name provider error in the configuration" message. I'm running sealighter as system and I see the events I'm after fire in the security log, but my sealighter produces zip.
This little example works:
https://github.com/microsoft/krabsetw/blob/master/examples/ManagedExamples/UserTrace005.cs
Anyhow, I know this project isn't active, but I have found your creation very interesting in some of my research. I'm digging in trying to understand how you built sealighter and I just have to say thank you for the work you've done.