The Oct. 30, 2008 snapshot release fixed this for me.

On Oct 30, 1:26 pm, "Fernando Rienton" <[EMAIL PROTECTED]> wrote:
> Doing some testing and it looks like this rule is not firing.
>
> <rule id="18118" level="9">
>   <if_sid>18104</if_sid>
>   <id>^517</id>
>   <options>alert_by_email</options>
>   <description>Windows audit log was cleared.</description>
>   <group>logs_cleared,</group>
> </rule>
>
> Here is my eventlog from Windows 2003 Server.
>
> Event Type: Success Audit
> Event Source: Security
> Event Category: System Event
> Event ID: 517
> Date: 10/30/2008
> Time: 1:23:47 PM
> User: NT AUTHORITY\SYSTEM
> Computer: GONAPASMG01
> Description:
> The audit log was cleared
> Primary User Name: SYSTEM
> Primary Domain: NT AUTHORITY
> Primary Logon ID: (0x0,0x3E7)
> Client User Name: Administrator
> Client Domain: GONAPASMG01
> Client Logon ID: (0x0,0x2DA130A9)
>
> Can anyone help? I just installed this application and would like to
> know more about it.
>
> thanks
