I have been running a POC for SIEM event log forwarding.
I have put a bunch of exclusions in place using the filters to restrict the amount of data being shipped to the SIEM.
I have found that I am receiving events for replica jobs Starting, Stopping and Completed.
In the SIEM logs I can see the origin enterpriseid=31023, when I try to add this to the filter it says the event isn't found.
Upon investigating the VBR server logs I can see that in the event log these events show with an eventide of 0 (Completed),1 (Started) & 2 (Stopped).
When I try to put those events into the filter they also aren't recognised as valid events.
Has anybody else come across this?
I have put a bunch of exclusions in place using the filters to restrict the amount of data being shipped to the SIEM.
I have found that I am receiving events for replica jobs Starting, Stopping and Completed.
In the SIEM logs I can see the origin enterpriseid=31023, when I try to add this to the filter it says the event isn't found.
Upon investigating the VBR server logs I can see that in the event log these events show with an eventide of 0 (Completed),1 (Started) & 2 (Stopped).
When I try to put those events into the filter they also aren't recognised as valid events.
Has anybody else come across this?
Statistics: Posted by MarkBoothmaa — Mar 26, 2025 9:18 am
