Associate
- Joined
- 22 Sep 2007
- Posts
- 2,184
- Location
- Abingdon
Hi all,
I am using Windows 2008 and 2008 R2 on our domain.
I CAN configure member servers to forward their Application and System event logs but NOT the security logs. I do this by:
1. Creating a subscription called 'Security Logs' on the DC and using the 'Collector Initiated' parameter before adding the member servers.
2. Selecting 'Security' under the event logs tab and tick all the event boxes.
3. Under 'Advanced' I put the DOMAIN ADMIN credentials in order to read the logs.
Having the security logs on a central 'forwarded events' log would help audit account access, but I cant get forwarding for the security log working. When I look under 'runtime status' the servers are listed with a red 'X' beside them.
I have trawled the net and cant find an answer, does anyone here know?
Thanks,
Dan
I am using Windows 2008 and 2008 R2 on our domain.
I CAN configure member servers to forward their Application and System event logs but NOT the security logs. I do this by:
1. Creating a subscription called 'Security Logs' on the DC and using the 'Collector Initiated' parameter before adding the member servers.
2. Selecting 'Security' under the event logs tab and tick all the event boxes.
3. Under 'Advanced' I put the DOMAIN ADMIN credentials in order to read the logs.
Having the security logs on a central 'forwarded events' log would help audit account access, but I cant get forwarding for the security log working. When I look under 'runtime status' the servers are listed with a red 'X' beside them.
I have trawled the net and cant find an answer, does anyone here know?
Thanks,
Dan