【发布时间】:2020-03-02 11:52:59
【问题描述】:
在关注此帖子:https://blogs.technet.microsoft.com/russellt/2016/05/18/creating-custom-windows-event-forwarding-logs/ 后,我一直在源服务器上收到以下错误消息(通过 Eventlog-ForwardingPlugin),尽管我已经尝试将“网络服务”添加到指定频道并且当前订阅是“源发起的” ”和“网络服务”在事件日志阅读器组中。关于如何解决它的任何想法?谢谢!
"The subscription WEC-*** is created, but one or more channels in the query could not be read at this time."
频道 ACL:
C:\Windows\system32>wevtutil gl WEC-***
name: WEC-***
enabled: true
type: Operational
owningPublisher: WEC
isolation: Application
channelAccess: O:BAG:SYD:(A;;0x2;;;S-1-15-2-1)(A;;0xf0007;;;SY)(A;;0x7;;;BA)(A;;0x7;;;SO)(A;;0x3;;;IU)(A;;0x3;;;SU)(A;;0x3;;;S-1-5-3)(A;;0x3;;;S-1-5-33)(A;;0x1;;;S-1-5-32-573)(A;;0x1;;;S-1-5-20)
logging:
logFileName: D:\Logs\***\WEC-***.evtx
retention: false
autoBackup: false
maxSize: 10737418240
publishing:
fileMax: 1
【问题讨论】:
-
你解决过这个问题吗?我似乎遇到了这个问题。
-
@Redcoatwright 不幸的是:(
标签: windows events forwarding