| Message | Id | Version | Qualifiers | Level | Task | Opcode | Keywords | RecordId | ProviderName | ProviderId | LogName | ProcessId | ThreadId | MachineName | UserId | TimeCreated | ActivityId | RelatedActivityId | ContainerLog | MatchedQueryIds | Bookmark | LevelDisplayName | OpcodeDisplayName | TaskDisplayName | KeywordsDisplayNames | Properties |
|---|
| Subscription policy has changed. Forwarder is adjusting its subscriptions according to the subscription manager(s) in the updated policy. | 106 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 8 | Microsoft-Windows-Forwarding | 699e309c-e782-4400-98c8-e21d162d7b7b | Microsoft-Windows-Forwarding/Operational | 1136 | 1792 | n-h1-850021-2.cbci-850021-2.local | S-1-5-20 | 7/18/2022 12:21:33 PM | cb789113-9aa0-0001-3991-78cba09ad801 | | microsoft-windows-forwarding/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Subscription policy has changed. Forwarder is adjusting its subscriptions according to the subscription manager(s) in the updated policy. | 106 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 7 | Microsoft-Windows-Forwarding | 699e309c-e782-4400-98c8-e21d162d7b7b | Microsoft-Windows-Forwarding/Operational | 1136 | 1792 | n-h1-850021-2.cbci-850021-2.local | S-1-5-20 | 7/18/2022 12:21:23 PM | cb789113-9aa0-0001-3991-78cba09ad801 | | microsoft-windows-forwarding/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Subscription policy has changed. Forwarder is adjusting its subscriptions according to the subscription manager(s) in the updated policy. | 106 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 6 | Microsoft-Windows-Forwarding | 699e309c-e782-4400-98c8-e21d162d7b7b | Microsoft-Windows-Forwarding/Operational | 1136 | 1656 | n-h1-850021-2.cbci-850021-2.local | S-1-5-20 | 7/18/2022 12:20:56 PM | cb789113-9aa0-0001-3991-78cba09ad801 | | microsoft-windows-forwarding/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Subscription policy has changed. Forwarder is adjusting its subscriptions according to the subscription manager(s) in the updated policy. | 106 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 5 | Microsoft-Windows-Forwarding | 699e309c-e782-4400-98c8-e21d162d7b7b | Microsoft-Windows-Forwarding/Operational | 1136 | 1652 | n-h1-850021-2.cbci-850021-2.local | S-1-5-20 | 7/18/2022 12:20:56 PM | cb789113-9aa0-0001-3991-78cba09ad801 | | microsoft-windows-forwarding/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Subscription policy has changed. Forwarder is adjusting its subscriptions according to the subscription manager(s) in the updated policy. | 106 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 4 | Microsoft-Windows-Forwarding | 699e309c-e782-4400-98c8-e21d162d7b7b | Microsoft-Windows-Forwarding/Operational | 1340 | 1984 | n-h1-850021-2 | S-1-5-20 | 7/18/2022 11:40:08 AM | 08d62d64-9a9b-0002-942d-d6089b9ad801 | | microsoft-windows-forwarding/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Subscription policy has changed. Forwarder is adjusting its subscriptions according to the subscription manager(s) in the updated policy. | 106 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 3 | Microsoft-Windows-Forwarding | 699e309c-e782-4400-98c8-e21d162d7b7b | Microsoft-Windows-Forwarding/Operational | 1392 | 1532 | WIN-5T344G8GM1H | S-1-5-20 | 1/19/2018 9:41:32 AM | ad8d0f9c-9109-0001-d70f-8dad0991d301 | | microsoft-windows-forwarding/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Subscription policy has changed. Forwarder is adjusting its subscriptions according to the subscription manager(s) in the updated policy. | 106 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 2 | Microsoft-Windows-Forwarding | 699e309c-e782-4400-98c8-e21d162d7b7b | Microsoft-Windows-Forwarding/Operational | 1524 | 1660 | WIN-5T344G8GM1H | S-1-5-20 | 1/19/2018 9:27:17 AM | aff0bd57-9107-0000-a1bd-f0af0791d301 | | microsoft-windows-forwarding/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Subscription policy has changed. Forwarder is adjusting its subscriptions according to the subscription manager(s) in the updated policy. | 106 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 1 | Microsoft-Windows-Forwarding | 699e309c-e782-4400-98c8-e21d162d7b7b | Microsoft-Windows-Forwarding/Operational | 1524 | 1660 | WIN-5T344G8GM1H | S-1-5-20 | 1/19/2018 9:27:17 AM | aff0bd57-9107-0000-a1bd-f0af0791d301 | | microsoft-windows-forwarding/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |