Help
FortiSIEM Discussions
adem_netsys
Contributor II

Created on ‎06-13-2025 06:14 AM

Some Windows Security Logs Issue with Windows Agent

Hi guys,

 

We're facing a problem. We are getting Windows logs with Windows Agent, but we are getting some logs and not getting some logs. For example, we cannot get some of the MSSQLServer33205 logs and some of them, in addition, we cannot see the log with ID 1104 in Events. What can we do for this? Agent Version 7.2.5.

 

Thanks in advance

181
0 Kudos
1 REPLY 1
cdurkin_FTNT
Staff
Staff

Created on ‎06-16-2025 07:18 AM

Probably best bet would be to you look in detail on the windows side at what the "EventRecordID" is for the missing entries .. you can view this under Details/Friendly View in the Windows Event Viewer.

eventRecordID.png

Then you can search for the corresponding ID in FortiSIEM...

eventRecordID_FSM.png

By either a Keyword Search... or by searching Reporting IP = x.x.x.x and Sequence Number = <ID>

If you do in fact have missing entries, then I would suggest a TAC ticket.

139
0 Kudos
Announcements

Welcome to your new Fortinet Community!

You'll find your previous forum posts under "Forums"

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.