?
Solved

Subscription Services ......how do I get Security Logs to forward.

Posted on 2014-12-29
4
Medium Priority
?
83 Views
Last Modified: 2015-01-12
I set up a new Subscription services server to collect syslogs from my environment but for some reason I cannot get the security logs to forward.  I see application, setup, system logs but nothing from the security logs.  Do I need to do something to get them to forward to my subscription services server?????
0
Comment
Question by:gmckfn
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 25

Assisted Solution

by:Mohammed Khawaja
Mohammed Khawaja earned 2000 total points
ID: 40522084
I recommend you refer to the TechNote article listed below:

http://technet.microsoft.com/en-ca/library/cc748890.aspx
0
 

Author Comment

by:gmckfn
ID: 40523628
I followed that article.  I got all the windows logs to forward to my collector except for the security logs.  the audit failures and success do not forward.  When setting up my forwarded events I have windows application, security , setup, and system logs checked but for some reason the security logs are the only ones not showing up.  is this a permissions issue??
setup.JPG
0
 
LVL 25

Accepted Solution

by:
Mohammed Khawaja earned 2000 total points
ID: 40524320
Have you configured the accounts correctly?  As per KB article, you must add user with administrator privileges:

You must add an account with administrator privileges to the Event Log Readers group on each source computer. You must specify this account in the Configure Advanced Subscription Settings dialog when creating a subscription on the collector computer.
0
 

Author Comment

by:gmckfn
ID: 40525694
yes I did.  I created a test account.  gave it domain admin rights and added it to the event log readers group.  then set it on the advanced tab of the subscription as seen in my attachment.   I still cannot get the security logs audit success and failures to show up.   also it takes awhile for the events collected from the source servers to propagate to the collector server.   what is the default time for this???
ggfgg.JPG
hhhhhhh.JPG
0

Featured Post

ATEN's HDBaseT Presentation at InfoComm 2017

Hear ATEN Product Manager YT Liang review HDBaseT technology, highlighting ATEN’s latest solutions as they relate to real-world applications during her presentation at the HDBaseT booth at InfoComm 2017.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When asking a question in a forum or creating documentation, screenshots are vital tools that can convey a lot more information and save you and your reader a lot of time
In this post we will be converting StringData saved within a text file into a hash table. This can be further used in a PowerShell script for replacing settings that are dynamic in nature from environment to environment.
In this video, we discuss why the need for additional vertical screen space has become more important in recent years, namely, due to the transition in the marketplace of 4x3 computer screens to 16x9 and 16x10 screens (so-called widescreen format). …
Finding and deleting duplicate (picture) files can be a time consuming task. My wife and I, our three kids and their families all share one dilemma: Managing our pictures. Between desktops, laptops, phones, tablets, and cameras; over the last decade…

801 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question