| Message | Id | Version | Qualifiers | Level | Task | Opcode | Keywords | RecordId | ProviderName | ProviderId | LogName | ProcessId | ThreadId | MachineName | UserId | TimeCreated | ActivityId | RelatedActivityId | ContainerLog | MatchedQueryIds | Bookmark | LevelDisplayName | OpcodeDisplayName | TaskDisplayName | KeywordsDisplayNames | Properties |
|---|
| Subscription policy has changed. Forwarder is adjusting its subscriptions according to the subscription manager(s) in the updated policy. | 106 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 8 | Microsoft-Windows-Forwarding | 699e309c-e782-4400-98c8-e21d162d7b7b | Microsoft-Windows-Forwarding/Operational | 1140 | 1744 | n-h1-820935-3.cbci-820935-3.local | S-1-5-20 | 12/8/2021 11:42:34 AM | 93ff52af-ec28-0003-c252-ff9328ecd701 | | microsoft-windows-forwarding/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Subscription policy has changed. Forwarder is adjusting its subscriptions according to the subscription manager(s) in the updated policy. | 106 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 7 | Microsoft-Windows-Forwarding | 699e309c-e782-4400-98c8-e21d162d7b7b | Microsoft-Windows-Forwarding/Operational | 1140 | 1748 | n-h1-820935-3.cbci-820935-3.local | S-1-5-20 | 12/8/2021 11:42:24 AM | 93ff52af-ec28-0003-c252-ff9328ecd701 | | microsoft-windows-forwarding/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Subscription policy has changed. Forwarder is adjusting its subscriptions according to the subscription manager(s) in the updated policy. | 106 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 6 | Microsoft-Windows-Forwarding | 699e309c-e782-4400-98c8-e21d162d7b7b | Microsoft-Windows-Forwarding/Operational | 1140 | 1368 | n-h1-820935-3.cbci-820935-3.local | S-1-5-20 | 12/8/2021 11:42:02 AM | 93ff52af-ec28-0003-c252-ff9328ecd701 | | microsoft-windows-forwarding/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Subscription policy has changed. Forwarder is adjusting its subscriptions according to the subscription manager(s) in the updated policy. | 106 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 5 | Microsoft-Windows-Forwarding | 699e309c-e782-4400-98c8-e21d162d7b7b | Microsoft-Windows-Forwarding/Operational | 1140 | 1616 | n-h1-820935-3.cbci-820935-3.local | S-1-5-20 | 12/8/2021 11:42:02 AM | 93ff52af-ec28-0003-c252-ff9328ecd701 | | microsoft-windows-forwarding/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Subscription policy has changed. Forwarder is adjusting its subscriptions according to the subscription manager(s) in the updated policy. | 106 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 4 | Microsoft-Windows-Forwarding | 699e309c-e782-4400-98c8-e21d162d7b7b | Microsoft-Windows-Forwarding/Operational | 1328 | 1704 | n-h1-820935-3 | S-1-5-20 | 12/8/2021 10:54:47 AM | f1432c4c-ec21-0005-802c-43f121ecd701 | | microsoft-windows-forwarding/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Subscription policy has changed. Forwarder is adjusting its subscriptions according to the subscription manager(s) in the updated policy. | 106 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 3 | Microsoft-Windows-Forwarding | 699e309c-e782-4400-98c8-e21d162d7b7b | Microsoft-Windows-Forwarding/Operational | 1392 | 1532 | WIN-5T344G8GM1H | S-1-5-20 | 1/19/2018 9:41:32 AM | ad8d0f9c-9109-0001-d70f-8dad0991d301 | | microsoft-windows-forwarding/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Subscription policy has changed. Forwarder is adjusting its subscriptions according to the subscription manager(s) in the updated policy. | 106 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 2 | Microsoft-Windows-Forwarding | 699e309c-e782-4400-98c8-e21d162d7b7b | Microsoft-Windows-Forwarding/Operational | 1524 | 1660 | WIN-5T344G8GM1H | S-1-5-20 | 1/19/2018 9:27:17 AM | aff0bd57-9107-0000-a1bd-f0af0791d301 | | microsoft-windows-forwarding/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Subscription policy has changed. Forwarder is adjusting its subscriptions according to the subscription manager(s) in the updated policy. | 106 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 1 | Microsoft-Windows-Forwarding | 699e309c-e782-4400-98c8-e21d162d7b7b | Microsoft-Windows-Forwarding/Operational | 1524 | 1660 | WIN-5T344G8GM1H | S-1-5-20 | 1/19/2018 9:27:17 AM | aff0bd57-9107-0000-a1bd-f0af0791d301 | | microsoft-windows-forwarding/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |