| Message | Id | Version | Qualifiers | Level | Task | Opcode | Keywords | RecordId | ProviderName | ProviderId | LogName | ProcessId | ThreadId | MachineName | UserId | TimeCreated | ActivityId | RelatedActivityId | ContainerLog | MatchedQueryIds | Bookmark | LevelDisplayName | OpcodeDisplayName | TaskDisplayName | KeywordsDisplayNames | Properties |
|---|
| Subscription policy has changed. Forwarder is adjusting its subscriptions according to the subscription manager(s) in the updated policy. | 106 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 8 | Microsoft-Windows-Forwarding | 699e309c-e782-4400-98c8-e21d162d7b7b | Microsoft-Windows-Forwarding/Operational | 1120 | 1560 | n-h1-712707-16.cbci-712707-16.local | S-1-5-20 | 9/18/2021 12:28:05 AM | eb96068b-ac23-0000-9506-96eb23acd701 | | microsoft-windows-forwarding/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Subscription policy has changed. Forwarder is adjusting its subscriptions according to the subscription manager(s) in the updated policy. | 106 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 7 | Microsoft-Windows-Forwarding | 699e309c-e782-4400-98c8-e21d162d7b7b | Microsoft-Windows-Forwarding/Operational | 1120 | 1552 | n-h1-712707-16.cbci-712707-16.local | S-1-5-20 | 9/18/2021 12:27:56 AM | eb96068b-ac23-0000-9506-96eb23acd701 | | microsoft-windows-forwarding/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Subscription policy has changed. Forwarder is adjusting its subscriptions according to the subscription manager(s) in the updated policy. | 106 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 6 | Microsoft-Windows-Forwarding | 699e309c-e782-4400-98c8-e21d162d7b7b | Microsoft-Windows-Forwarding/Operational | 1120 | 1560 | n-h1-712707-16.cbci-712707-16.local | S-1-5-20 | 9/18/2021 12:27:24 AM | eb96068b-ac23-0000-9506-96eb23acd701 | | microsoft-windows-forwarding/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Subscription policy has changed. Forwarder is adjusting its subscriptions according to the subscription manager(s) in the updated policy. | 106 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 5 | Microsoft-Windows-Forwarding | 699e309c-e782-4400-98c8-e21d162d7b7b | Microsoft-Windows-Forwarding/Operational | 1120 | 1952 | n-h1-712707-16.cbci-712707-16.local | S-1-5-20 | 9/18/2021 12:27:24 AM | eb96068b-ac23-0000-9506-96eb23acd701 | | microsoft-windows-forwarding/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Subscription policy has changed. Forwarder is adjusting its subscriptions according to the subscription manager(s) in the updated policy. | 106 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 4 | Microsoft-Windows-Forwarding | 699e309c-e782-4400-98c8-e21d162d7b7b | Microsoft-Windows-Forwarding/Operational | 1344 | 1376 | n-h1-712707-16 | S-1-5-20 | 9/17/2021 11:54:34 PM | 4bcbff09-ac1f-0005-48ff-cb4b1facd701 | | microsoft-windows-forwarding/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Subscription policy has changed. Forwarder is adjusting its subscriptions according to the subscription manager(s) in the updated policy. | 106 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 3 | Microsoft-Windows-Forwarding | 699e309c-e782-4400-98c8-e21d162d7b7b | Microsoft-Windows-Forwarding/Operational | 1392 | 1532 | WIN-5T344G8GM1H | S-1-5-20 | 1/19/2018 9:41:32 AM | ad8d0f9c-9109-0001-d70f-8dad0991d301 | | microsoft-windows-forwarding/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Subscription policy has changed. Forwarder is adjusting its subscriptions according to the subscription manager(s) in the updated policy. | 106 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 2 | Microsoft-Windows-Forwarding | 699e309c-e782-4400-98c8-e21d162d7b7b | Microsoft-Windows-Forwarding/Operational | 1524 | 1660 | WIN-5T344G8GM1H | S-1-5-20 | 1/19/2018 9:27:17 AM | aff0bd57-9107-0000-a1bd-f0af0791d301 | | microsoft-windows-forwarding/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Subscription policy has changed. Forwarder is adjusting its subscriptions according to the subscription manager(s) in the updated policy. | 106 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 1 | Microsoft-Windows-Forwarding | 699e309c-e782-4400-98c8-e21d162d7b7b | Microsoft-Windows-Forwarding/Operational | 1524 | 1660 | WIN-5T344G8GM1H | S-1-5-20 | 1/19/2018 9:27:17 AM | aff0bd57-9107-0000-a1bd-f0af0791d301 | | microsoft-windows-forwarding/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |