Month: January 2018

Issue with EventID field extraction in Windows_TA app

Today’s very short post is about an issue I came across viewing Application event logs that were onboarded using the Windows_TA app. The EventID field wasn’t being populated for most events. When I looked closer at the events, I could see that EventID can be represented in two different ways in different events:

<EventID>1530</EventID>
<EventID Qualifiers='16384'>16384</EventID>

The first

Monitoring SQL in Low Priv environments the smart way

If you have a low priv SQL environment, you’re probably well aware of the pain of configuring and managing the run-as accounts required for SQL management packs. Well, there is a much simpler way to configure the necessary permissions, without using run-as accounts. The solution is to use Service SIDs, a method that Kevin Holman first discovered and blogged