Client Management Suite

Expand all | Collapse all

Evt_AeX_Client_LogOn appears to be missing events.

  • 1.  Evt_AeX_Client_LogOn appears to be missing events.

    Posted 6 days ago
    Using some example queries and my own troubleshooting it appears some events are being missed.
    I can query all the events for a specific GUID. In the example below these are the only 4 events on the machine.  Yet, someone else is currently logged in. I never got the logon event.

    • Does Evt_AeX_Client_LogOn get populated when someone logs in via RDP instead of the local console?
    • Does Evt_AeX_Client_LogOn support user switching?  In this case I think the person logged in logged in after DOMAIN\greg by doing a "Switch User"

  • 2.  RE: Evt_AeX_Client_LogOn appears to be missing events.

    Broadcom Employee
    Posted 5 days ago
    Edited by Sergei Zjaikin 5 days ago
    The answers to you questions are all Yes, plus multiple sessions on server OS-es are also supported.
    If you're sure that sql query is correct and that your NS does not drop or slowly processes NSE events, then please collect the agent side logs for the time period when undocumented 'logon' occurred. There should be some evidence about user switching and NSE posting.