Hello, I'm trying to use Sealighter to get events (and filter them) from the following provider: {5BBB6C18-AA45-49B1-A15F-085F7ED0AA90} (for NTLM authentication).
So I created this config file:
{
  "session_properties": {
    "session_name": "seatrace",
    "output_format": "stdout",
    "output_filename": "C:\\Users\\user\\Downloads\\sealighter\\output-ntlm.json"
  },
  "user_traces": [
    {
      "trace_name": "ntlm_trace",
      "provider_name": "{5BBB6C18-AA45-49B1-A15F-085F7ED0AA90}",
      "dump_raw_event": true
    }
  ]
}
Using other providers everything works well, but with this in particular nothing pops out (only the two events of the start/end of the session).
The activity that should trigger events is, for example:
net use \\192.168.1.4 /user:test
Using logman like this:
logman create trace t -p "{5BBB6C18-AA45-49B1-A15F-085F7ED0AA90}" 0x0FFFFFFFFFFFFFFF 5 -ow out.etl
and doing exactly the same stuff, events are generated without any problem.
Since I have no problems with other providers, I really don't know why this happens.
Any guess?