Subscription Services ......how do I get Security Logs to forward.

I set up a new Subscription services server to collect syslogs from my environment but for some reason I cannot get the security logs to forward.  I see application, setup, system logs but nothing from the security logs.  Do I need to do something to get them to forward to my subscription services server?????
gmckfnAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Mohammed KhawajaManager - Infrastructure:  Information TechnologyCommented:
I recommend you refer to the TechNote article listed below:

http://technet.microsoft.com/en-ca/library/cc748890.aspx
0
gmckfnAuthor Commented:
I followed that article.  I got all the windows logs to forward to my collector except for the security logs.  the audit failures and success do not forward.  When setting up my forwarded events I have windows application, security , setup, and system logs checked but for some reason the security logs are the only ones not showing up.  is this a permissions issue??
setup.JPG
0
Mohammed KhawajaManager - Infrastructure:  Information TechnologyCommented:
Have you configured the accounts correctly?  As per KB article, you must add user with administrator privileges:

You must add an account with administrator privileges to the Event Log Readers group on each source computer. You must specify this account in the Configure Advanced Subscription Settings dialog when creating a subscription on the collector computer.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
gmckfnAuthor Commented:
yes I did.  I created a test account.  gave it domain admin rights and added it to the event log readers group.  then set it on the advanced tab of the subscription as seen in my attachment.   I still cannot get the security logs audit success and failures to show up.   also it takes awhile for the events collected from the source servers to propagate to the collector server.   what is the default time for this???
ggfgg.JPG
hhhhhhh.JPG
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows OS

From novice to tech pro — start learning today.