| Message | Id | Version | Qualifiers | Level | Task | Opcode | Keywords | RecordId | ProviderName | ProviderId | LogName | ProcessId | ThreadId | MachineName | UserId | TimeCreated | ActivityId | RelatedActivityId | ContainerLog | MatchedQueryIds | Bookmark | LevelDisplayName | OpcodeDisplayName | TaskDisplayName | KeywordsDisplayNames | Properties |
|---|
| Subscription policy has changed. Forwarder is adjusting its subscriptions according to the subscription manager(s) in the updated policy. | 106 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 8 | Microsoft-Windows-Forwarding | 699e309c-e782-4400-98c8-e21d162d7b7b | Microsoft-Windows-Forwarding/Operational | 1148 | 1344 | n-h1-852396-1.cbci-852396-1.local | S-1-5-20 | 8/8/2022 4:05:11 PM | 834b903c-ab40-0001-5f90-4b8340abd801 | | microsoft-windows-forwarding/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Subscription policy has changed. Forwarder is adjusting its subscriptions according to the subscription manager(s) in the updated policy. | 106 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 7 | Microsoft-Windows-Forwarding | 699e309c-e782-4400-98c8-e21d162d7b7b | Microsoft-Windows-Forwarding/Operational | 1148 | 1672 | n-h1-852396-1.cbci-852396-1.local | S-1-5-20 | 8/8/2022 4:05:01 PM | 834b903c-ab40-0001-5f90-4b8340abd801 | | microsoft-windows-forwarding/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Subscription policy has changed. Forwarder is adjusting its subscriptions according to the subscription manager(s) in the updated policy. | 106 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 6 | Microsoft-Windows-Forwarding | 699e309c-e782-4400-98c8-e21d162d7b7b | Microsoft-Windows-Forwarding/Operational | 1148 | 1800 | n-h1-852396-1.cbci-852396-1.local | S-1-5-20 | 8/8/2022 4:04:32 PM | 834b903c-ab40-0001-5f90-4b8340abd801 | | microsoft-windows-forwarding/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Subscription policy has changed. Forwarder is adjusting its subscriptions according to the subscription manager(s) in the updated policy. | 106 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 5 | Microsoft-Windows-Forwarding | 699e309c-e782-4400-98c8-e21d162d7b7b | Microsoft-Windows-Forwarding/Operational | 1148 | 1664 | n-h1-852396-1.cbci-852396-1.local | S-1-5-20 | 8/8/2022 4:04:30 PM | 834b903c-ab40-0001-5f90-4b8340abd801 | | microsoft-windows-forwarding/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Subscription policy has changed. Forwarder is adjusting its subscriptions according to the subscription manager(s) in the updated policy. | 106 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 4 | Microsoft-Windows-Forwarding | 699e309c-e782-4400-98c8-e21d162d7b7b | Microsoft-Windows-Forwarding/Operational | 1332 | 1700 | n-h1-852396-1 | S-1-5-20 | 8/8/2022 3:18:47 PM | 159df620-ab3a-0003-42f6-9d153aabd801 | | microsoft-windows-forwarding/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Subscription policy has changed. Forwarder is adjusting its subscriptions according to the subscription manager(s) in the updated policy. | 106 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 3 | Microsoft-Windows-Forwarding | 699e309c-e782-4400-98c8-e21d162d7b7b | Microsoft-Windows-Forwarding/Operational | 1392 | 1532 | WIN-5T344G8GM1H | S-1-5-20 | 1/19/2018 9:41:32 AM | ad8d0f9c-9109-0001-d70f-8dad0991d301 | | microsoft-windows-forwarding/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Subscription policy has changed. Forwarder is adjusting its subscriptions according to the subscription manager(s) in the updated policy. | 106 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 2 | Microsoft-Windows-Forwarding | 699e309c-e782-4400-98c8-e21d162d7b7b | Microsoft-Windows-Forwarding/Operational | 1524 | 1660 | WIN-5T344G8GM1H | S-1-5-20 | 1/19/2018 9:27:17 AM | aff0bd57-9107-0000-a1bd-f0af0791d301 | | microsoft-windows-forwarding/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Subscription policy has changed. Forwarder is adjusting its subscriptions according to the subscription manager(s) in the updated policy. | 106 | 0 | | 4 | 0 | 0 | -9223372036854775808 | 1 | Microsoft-Windows-Forwarding | 699e309c-e782-4400-98c8-e21d162d7b7b | Microsoft-Windows-Forwarding/Operational | 1524 | 1660 | WIN-5T344G8GM1H | S-1-5-20 | 1/19/2018 9:27:17 AM | aff0bd57-9107-0000-a1bd-f0af0791d301 | | microsoft-windows-forwarding/operational | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |