We have updated our Terms of Service, Code of Conduct, and Addendum.

AD FS Auditing Events Dropping from Windows Pack


The Microsoft Windows Events pack is currently dropping "SourceName=AD FS Auditing" events from the Security logs. I found the two lines that are not properly filtering the events.

  1. Pipeline: Windows Classic Events, "Final Cleanup" lines 27 & 28, (Serialize & Eval).

I turned it off, but still working to get the events to not drop and convert to json.

Q: Wondering if this filter is currently being updated/corrected?


  • Jon Rust
    Jon Rust Posts: 439 mod

    There is an update to the Windows Pack coming soon. Big, enormous update. But just in case, if you could send a sample of the events being missed, Ill get with the Pack author (Amazin David Maislin) to make sure we handle this correctly. (DM in Slack would be best.)