One of our servers has an issue each week... it stops generating/logging messages to the Security log. It keeps generating Application logs, and they're collected, so the collector doesn't know there's a problem, and doesn't generate any 400029 messages.
Does anyone have a rule written to alert when Windows Security logs aren't received?
Sorry if this seems too easy for this board. I'd create the rule myself, but I really don't have an hour to spare right now.