Is there a version of syslog-ng Agent for Windows that supports Windows 11 or Windows Server 2022?
Does WEC work with Windows 11 or Windows Server 2022?
STATUS: The Enhancement Request # SYSLOGDEV-6147 has been created to review the possibility of adding support for Windows 11 and Windows Server 2022 into a future release of the product.
There is an internal Windows Event rendering error in these operating systems. The rendering error causes issues in accessing an event provider's metadata. Important fields may be missing from the forwarded log. Missing fields include but are not limited to EVENT_TYPE, EVENT_CATEGORY, EVENT_TASK, and Message.
Example log messages from the Application container demonstrating the differences between Windows 10 and Windows 11:
1. SecurityCenter Service
Windows 10:
402 <134>1 2022-02-08T14:22:03+01:00 windows-10 SecurityCenter 7932 - [win@18372.4 EVENT_PROVIDER="SecurityCenter" EVENT_FACILITY="16" EVENT_ID="1" EVENT_LEVEL="4" EVENT_NAME="Application" EVENT_REC_NUM="29222" EVENT_SID="N/A" EVENT_SOURCE="SecurityCenter" EVENT_TYPE="Information" EVENT_HOST="windows-10" EVENT_CATEGORY="None"][meta sequenceId="53"] The Windows Security Center Service has started.
Windows 11:
326 <134>1 2022-02-11T09:39:30+01:00 windows-11 SecurityCenter 2980 - [win@18372.4 EVENT_PROVIDER="SecurityCenter" EVENT_FACILITY="16" EVENT_ID="1" EVENT_LEVEL="4" EVENT_NAME="Application" EVENT_REC_NUM="1181440" EVENT_SID="N/A" EVENT_SOURCE="SecurityCenter" EVENT_HOST="windows-11" EVENT_CATEGORY="None"][meta sequenceId="123"]
2. edgeupdate Service
Windows 10:
359 <134>1 2022-02-09T17:45:24+01:00 windows-10 edgeupdate 7932 - [win@18372.4 EVENT_PROVIDER="edgeupdate" EVENT_FACILITY="16" EVENT_ID="0" EVENT_LEVEL="4" EVENT_NAME="Application" EVENT_REC_NUM="29655" EVENT_SID="N/A" EVENT_SOURCE="edgeupdate" EVENT_TYPE="Information" EVENT_HOST="windows-10" EVENT_CATEGORY="None"][meta sequenceId="486"] Service stopped.
Windows 11:
313 <134>1 2022-02-11T01:46:42+01:00 windows-11 edgeupdate 2980 - [win@18372.4 EVENT_PROVIDER="edgeupdate" EVENT_FACILITY="16" EVENT_ID="0" EVENT_LEVEL="4" EVENT_NAME="Application" EVENT_REC_NUM="1181357" EVENT_SID="N/A" EVENT_SOURCE="edgeupdate" EVENT_HOST="windows-11" EVENT_CATEGORY="None"][meta sequenceId="40"]
Due to these issues, full support will have to wait for Microsoft to release a fix.
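To find which hosts are forwarding events affected by this rendering error, a collector-side check can parse each RFC 5424 line and report the fields that are absent. The following is an added example, not code from One Identity or syslog-ng; the function names are hypothetical, and the choice to require only EVENT_TYPE and a non-empty message is an assumption based on what differs between the sample lines above.

```python
import re

# RFC 5424 header, with the optional octet-count prefix seen in the samples.
HEADER = re.compile(r'^(?:\d+ )?<\d{1,3}>1 (\S+) (\S+) (\S+) (\S+) (\S+) ')
SD_ELEMENT = re.compile(r'\[([^\s\]="]+)((?: [^\s\]="]+="(?:[^"\\\]]|\\.)*")*)\]')
SD_PARAM = re.compile(r' ([^\s\]="]+)="((?:[^"\\\]]|\\.)*)"')

# Assumption: EVENT_TYPE and the message text are the fields to require,
# because those are what differ between the article's sample lines.
REQUIRED = ("EVENT_TYPE",)

def parse(line):
    """Return (host, structured_data, message), or None if not RFC 5424."""
    m = HEADER.match(line)
    if not m:
        return None
    host, pos, sd = m.group(2), m.end(), {}
    if line.startswith("-", pos):            # NILVALUE: no structured data
        pos += 1
    else:
        while (e := SD_ELEMENT.match(line, pos)):
            sd[e.group(1)] = dict(SD_PARAM.findall(e.group(2)))
            pos = e.end()
    return host, sd, line[pos:].strip()

def missing_fields(line, required=REQUIRED):
    """Return (host, [required fields absent from the forwarded event])."""
    parsed = parse(line)
    if parsed is None:
        raise ValueError("not an RFC 5424 message")
    host, sd, msg = parsed
    # The agent's event fields live in the SD element whose ID starts with "win@".
    win = next((v for k, v in sd.items() if k.startswith("win@")), {})
    missing = [f for f in required if f not in win]
    if not msg:
        missing.append("Message")
    return host, missing

# The two SecurityCenter sample lines from the article.
WIN10 = ('402 <134>1 2022-02-08T14:22:03+01:00 windows-10 SecurityCenter 7932 - '
         '[win@18372.4 EVENT_PROVIDER="SecurityCenter" EVENT_FACILITY="16" EVENT_ID="1" '
         'EVENT_LEVEL="4" EVENT_NAME="Application" EVENT_REC_NUM="29222" EVENT_SID="N/A" '
         'EVENT_SOURCE="SecurityCenter" EVENT_TYPE="Information" EVENT_HOST="windows-10" '
         'EVENT_CATEGORY="None"][meta sequenceId="53"] The Windows Security Center Service has started.')
WIN11 = ('326 <134>1 2022-02-11T09:39:30+01:00 windows-11 SecurityCenter 2980 - '
         '[win@18372.4 EVENT_PROVIDER="SecurityCenter" EVENT_FACILITY="16" EVENT_ID="1" '
         'EVENT_LEVEL="4" EVENT_NAME="Application" EVENT_REC_NUM="1181440" EVENT_SID="N/A" '
         'EVENT_SOURCE="SecurityCenter" EVENT_HOST="windows-11" '
         'EVENT_CATEGORY="None"][meta sequenceId="123"]')
```

Pass a longer `required` tuple to check for other fields; hosts that repeatedly report missing fields are candidates for a secondary collection path until the rendering error is fixed.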