Help
FortiSIEM Discussions
adem_netsys
Contributor II

Created on ‎06-23-2025 09:11 AM

Coming Unknown Windows Logs with agent

Hello team,

 

Although policy assignment is made in the windows logs we receive with windows agent, the logs come as ‘unknown’. Has anyone encountered this situation before? We could not solve the problem by adding a device specific parser.

623
0 Kudos
10 REPLIES 10
cdurkin_FTNT
Staff
Staff
In response to adem_netsys

Created on ‎08-29-2025 05:13 AM

Was TAC successful in helping here?

I'd suggest providing a sample unparsed event.. and look within the sample for the "EventRecordID".

Then on the Windows Device reporting the data .. filter for the same EventRecordID and provide a copy of the XML View (under Details) of the same event.

 

eventRecordID_image.png

 

18
0 Kudos
Announcements

Welcome to your new Fortinet Community!

You'll find your previous forum posts under "Forums"

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.