patrickg2525
commented
5 years ago I had same problems for a while - I think it was a permissions problem. I was able to get past the issue by modifying the SDDL in the GPO: Computer>Policies>Admin Templates>Windows Components>Event Log Service>[log]> Configure log access
Have you implemented this on a currently patched 2016 server Collector? Seems custom channel manifests import successfully, but changing a working subscription from Forwarded Events over to a custom channel and the events just don't write to the custom channel. EventCollector log is also silent. Permissions on the log files and channelAccess are identical.