[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now

x
?
Solved

Subscription Services ......how do I get Security Logs to forward.

Posted on 2014-12-29
4
Medium Priority
?
84 Views
Last Modified: 2015-01-12
I set up a new Subscription services server to collect syslogs from my environment but for some reason I cannot get the security logs to forward.  I see application, setup, system logs but nothing from the security logs.  Do I need to do something to get them to forward to my subscription services server?????
0
Comment
Question by:gmckfn
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 25

Assisted Solution

by:Mohammed Khawaja
Mohammed Khawaja earned 2000 total points
ID: 40522084
I recommend you refer to the TechNote article listed below:

http://technet.microsoft.com/en-ca/library/cc748890.aspx
0
 

Author Comment

by:gmckfn
ID: 40523628
I followed that article.  I got all the windows logs to forward to my collector except for the security logs.  the audit failures and success do not forward.  When setting up my forwarded events I have windows application, security , setup, and system logs checked but for some reason the security logs are the only ones not showing up.  is this a permissions issue??
setup.JPG
0
 
LVL 25

Accepted Solution

by:
Mohammed Khawaja earned 2000 total points
ID: 40524320
Have you configured the accounts correctly?  As per KB article, you must add user with administrator privileges:

You must add an account with administrator privileges to the Event Log Readers group on each source computer. You must specify this account in the Configure Advanced Subscription Settings dialog when creating a subscription on the collector computer.
0
 

Author Comment

by:gmckfn
ID: 40525694
yes I did.  I created a test account.  gave it domain admin rights and added it to the event log readers group.  then set it on the advanced tab of the subscription as seen in my attachment.   I still cannot get the security logs audit success and failures to show up.   also it takes awhile for the events collected from the source servers to propagate to the collector server.   what is the default time for this???
ggfgg.JPG
hhhhhhh.JPG
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article shows how to use a free utility called 'Parkdale' to easily test the performance and benchmark any Hard Drive(s) installed in your computer. We also look at RAM Disks and their speed comparisons.
By default Outlook 2016 displays only one time zone in the Calendar. The following article explains how to display two time zones in one calendar view.
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…
In this video, viewers are given an introduction to using the Windows 10 Snipping Tool, how to quickly locate it when it's needed and also how make it always available with a single click of a mouse button, by pinning it to the Desktop Task Bar. Int…

656 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question