Link to home
Start Free TrialLog in
Avatar of gmckfn
gmckfnFlag for United States of America

asked on

Subscription Services ......how do I get Security Logs to forward.

I set up a new Subscription services server to collect syslogs from my environment but for some reason I cannot get the security logs to forward.  I see application, setup, system logs but nothing from the security logs.  Do I need to do something to get them to forward to my subscription services server?????
SOLUTION
Avatar of Mohammed Khawaja
Mohammed Khawaja
Flag of Canada image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of gmckfn
gmckfn
Flag of United States of America image

ASKER

I followed that article.  I got all the windows logs to forward to my collector except for the security logs.  the audit failures and success do not forward.  When setting up my forwarded events I have windows application, security , setup, and system logs checked but for some reason the security logs are the only ones not showing up.  is this a permissions issue??
setup.JPG
ASKER CERTIFIED SOLUTION
Avatar of Mohammed Khawaja
Mohammed Khawaja
Flag of Canada image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of gmckfn
gmckfn
Flag of United States of America image

ASKER

yes I did.  I created a test account.  gave it domain admin rights and added it to the event log readers group.  then set it on the advanced tab of the subscription as seen in my attachment.   I still cannot get the security logs audit success and failures to show up.   also it takes awhile for the events collected from the source servers to propagate to the collector server.   what is the default time for this???
ggfgg.JPG
hhhhhhh.JPG