Attempted to use the ntevl probe
The probe currently allows the selection of application, system, and security events
Reference: ntevl Probe Configuration Documentation
The targeted Events Location is: %SystemRoot%\System32\Winevt\Logs\Microsoft-AzureADPasswordProtection-DCAgent%4Admin.evtx
Key Question: Is there a way (possibly through customization) to access and monitor events from this specific path using the ntevl probe?
DX UIM any version
NTEVL probe any version.
The probe only discovers and monitors logs that are displayed under Log Summary on the Windows Event Viewer page.
Please see the screenshots below:
- Windows Event Viewer
- Probe GUI
Check whether the Microsoft-AzureADPasswordProtection logs are listed under the Available Log Files section (highlighted in the probe GUI screenshot) and, if they are, add them for monitoring.
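Before looking for the log in the probe GUI, it helps to confirm on the domain controller that the channel behind the .evtx file is registered and enabled. The following PowerShell is an added example, not part of the original article or the probe's documentation. The function names are hypothetical, and it assumes the usual Windows convention that "%4" in an .evtx file name stands for "/" in the channel name.

```powershell
# Added example: map an .evtx file path to its event channel and check its state.
# Function names are hypothetical; the path in the sample call is the one from this article.

function Get-ChannelFromEvtxPath {
    param([Parameter(Mandatory)][string]$EvtxPath)
    # Assumption: Windows writes "/" in a channel name as "%4" in the file name.
    $leaf = [System.IO.Path]::GetFileNameWithoutExtension($EvtxPath)
    return $leaf -replace '%4', '/'
}

function Test-EventChannel {
    param([Parameter(Mandatory)][string]$EvtxPath)

    $channel = Get-ChannelFromEvtxPath -EvtxPath $EvtxPath

    # Get-WinEvent -ListLog returns the channel configuration, or nothing
    # (with the error suppressed) when the channel is not registered on this host.
    $log = Get-WinEvent -ListLog $channel -ErrorAction SilentlyContinue

    [pscustomobject]@{
        Channel     = $channel
        Registered  = [bool]$log
        Enabled     = if ($log) { $log.IsEnabled } else { $false }
        RecordCount = if ($log) { $log.RecordCount } else { $null }
        LogFilePath = if ($log) { $log.LogFilePath } else { $null }
    }
}

# Sample call using the location quoted in this article.
$path = '%SystemRoot%\System32\Winevt\Logs\Microsoft-AzureADPasswordProtection-DCAgent%4Admin.evtx'
Test-EventChannel -EvtxPath $path | Format-List
```

If `Registered` is `False`, the channel does not exist on that host, so there is nothing for Event Viewer to list there.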