Solved

Subscription Services ......how do I get Security Logs to forward.

Posted on 2014-12-29
4
81 Views
Last Modified: 2015-01-12
I set up a new Subscription services server to collect syslogs from my environment but for some reason I cannot get the security logs to forward.  I see application, setup, system logs but nothing from the security logs.  Do I need to do something to get them to forward to my subscription services server?????
0
Comment
Question by:gmckfn
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 25

Assisted Solution

by:Mohammed Khawaja
Mohammed Khawaja earned 500 total points
ID: 40522084
I recommend you refer to the TechNote article listed below:

http://technet.microsoft.com/en-ca/library/cc748890.aspx
0
 

Author Comment

by:gmckfn
ID: 40523628
I followed that article.  I got all the windows logs to forward to my collector except for the security logs.  the audit failures and success do not forward.  When setting up my forwarded events I have windows application, security , setup, and system logs checked but for some reason the security logs are the only ones not showing up.  is this a permissions issue??
setup.JPG
0
 
LVL 25

Accepted Solution

by:
Mohammed Khawaja earned 500 total points
ID: 40524320
Have you configured the accounts correctly?  As per KB article, you must add user with administrator privileges:

You must add an account with administrator privileges to the Event Log Readers group on each source computer. You must specify this account in the Configure Advanced Subscription Settings dialog when creating a subscription on the collector computer.
0
 

Author Comment

by:gmckfn
ID: 40525694
yes I did.  I created a test account.  gave it domain admin rights and added it to the event log readers group.  then set it on the advanced tab of the subscription as seen in my attachment.   I still cannot get the security logs audit success and failures to show up.   also it takes awhile for the events collected from the source servers to propagate to the collector server.   what is the default time for this???
ggfgg.JPG
hhhhhhh.JPG
0

Featured Post

Connect further...control easier

With the ATEN CE624, you can now enjoy a high-quality visual experience powered by HDBaseT technology and the convenience of a single Cat6 cable to transmit uncompressed video with zero latency and multi-streaming for dual-view applications where remote access is required.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I was prompted to write this article after the recent World-Wide Ransomware outbreak. For years now, System Administrators around the world have used the excuse of "Waiting a Bit" before applying Security Patch Updates. This type of reasoning to me …
Sometimes clients can lose connectivity with the Lotus Notes Domino Server, but there's not always an obvious answer as to why it happens.   Read this article to follow one of the first experiences I had with Lotus Notes on a client's machine, my…
This video Micro Tutorial explains how to clone a hard drive using a commercial software product for Windows systems called Casper from Future Systems Solutions (FSS). Cloning makes an exact, complete copy of one hard disk drive (HDD) onto another d…
This Micro Tutorial will give you a basic overview of Windows DVD Burner through its features and interface. This will be demonstrated using Windows 7 operating system.

717 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question