
STAS - intermittent issue with logging?

Anybody got this setup for UTM 9.4?

I think the issue may lie with my AD and the auditing. STAS only seems to show logons of type 2 (interactive logon) and I know lots of users are logging on but they don't seem to be registering for some reason. The ones that have registered have been added to my UTM automatically, which suggests that it's working, but I think my audit policy on the Win 2012r2 domain controller is wrong.

Can anybody tell me what the auditing should be set at? I've followed the guides but nothing is showing in STAS or the Windows event logs with regards to logon type 2.



This thread was automatically locked due to age.
  • What a pain this turned out to be.....

    Firstly, there were conflicting GPs for recording logons. Once that was rectified, I applied the local security policy that Sophos states in their instructions with STAS.

    Within a minute or two, this policy was reset and overwritten. Took me a while to trace it but on 2012r2, I had to go in via the advanced security policies and enable the auditing from there. Specifically, because it's a little different in there compared to the local security policy, you are looking to enable the Kerberos auditing.

    I've now got 4 DCs reporting quite happily to the UTMs and adding 100s of users.

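
A read-only check for the situation described in the answer above, as an added example that is not part of the original post or of the Sophos instructions: it shows whether the advanced audit subcategories actually stuck on a domain controller and whether the matching events are being written. The subcategory names and event IDs are the standard Windows ones (English UI); the one-hour window is an arbitrary choice, and the page does not say which of these events STAS itself reads.

```powershell
# Added example: read-only check, run in an elevated PowerShell session on each domain controller.
# Assumptions: English subcategory names, a one-hour look-back window.
$subcategories = 'Kerberos Authentication Service',
                 'Kerberos Service Ticket Operations',
                 'Logon'

# 1. Effective setting per subcategory, i.e. what is in force after Group Policy processing.
$effective = foreach ($name in $subcategories) {
    auditpol /get /subcategory:"$name" /r |
        Where-Object { $_ } |                 # drop blank lines around the CSV output
        ConvertFrom-Csv |
        Select-Object Subcategory, 'Inclusion Setting'
}
$effective | Format-Table -AutoSize

# 2. "Audit: Force audit policy subcategory settings ... to override audit policy category settings"
#    1 = subcategory (advanced) settings override category settings; 0 = legacy category policy is applied.
$lsa      = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa' -ErrorAction Stop
$override = $lsa.SCENoApplyLegacyAuditPolicy
"SCENoApplyLegacyAuditPolicy = $(if ($null -eq $override) { 'not set' } else { $override })"

# 3. Are the events arriving? 4768 = Kerberos TGT request, 4769 = service ticket request, 4624 = logon.
$since  = (Get-Date).AddHours(-1)
$events = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4768, 4769, 4624; StartTime = $since } `
              -ErrorAction SilentlyContinue
$events | Group-Object Id | Select-Object Name, Count | Format-Table -AutoSize

# 4. Break the 4624 events down by logon type (2 = interactive, 3 = network, 10 = remote interactive).
$events | Where-Object Id -eq 4624 | ForEach-Object {
    $data = ([xml]$_.ToXml()).Event.EventData.Data
    ($data | Where-Object Name -eq 'LogonType').'#text'
} | Group-Object | Sort-Object Count -Descending |
    Select-Object @{ n = 'LogonType'; e = { $_.Name } }, Count | Format-Table -AutoSize

# 5. Flag any subcategory that is not auditing Success, the state left behind when a policy is overwritten.
$effective | Where-Object { $_.'Inclusion Setting' -notmatch 'Success' } | ForEach-Object {
    Write-Warning "$($_.Subcategory) is '$($_.'Inclusion Setting')'; find the winning GPO with: gpresult /h report.html"
}
```

Running it again a few minutes after a `gpupdate` shows whether a conflicting GPO is still resetting the subcategories.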