User-Agent 8.0.12-5 problem to read Windows Server 2016 security event

L3 Networker

Hello,

I installed UIA 8.0.12-5 on Windows Server 2008 R2 (FW PAN-OS is 8.0.13).

I'm troubleshooting a User-ID login problem, and it looks like the log events (Event IDs 4768, 4769, 4770, 4624) are not read by the user agent on Windows Server 2016.

Connecting to the Windows Server 2016 machine, I can see that Event IDs 4768, 4769, 4770 and 4624 are in the security log, but if I increase the debug level on the UIA (verbose), these events are not there.

It looks like the agent doesn't understand the events generated by Windows Server 2016. Is there any guide on how to set up the event log of Windows Server 2016 to be compatible with UIA?

L7 Applicator

Re: User-Agent 8.0.12-5 problem to read Windows Server 2016 security event

@helenio.sartori,

Please ensure that you've actually properly granted the user-id agent service account the proper permissions to read from event logs. 

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClRyCAK
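
One way to test the permission point raised in the reply, as an added example that is not part of the original thread or of Palo Alto Networks' documentation: run this on the agent host in a PowerShell session started as the User-ID agent's service account, and it reports whether that account can read the four event IDs from the monitored server's Security log. The server name and look-back window are placeholders (assumptions), and the script assumes remote event log access to the server is reachable from the agent host.

```powershell
# Added example: checks whether the CURRENT account can read the Security log events
# named in the thread from the monitored server. Start the session as the agent's
# service account, e.g.  runas /user:DOMAIN\svc-account powershell
param(
    [string]$Server = 'dc01.example.local',  # placeholder for the monitored Windows Server 2016 host
    [int]$LookbackMinutes = 60               # placeholder look-back window
)

$who = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
$filter = @{
    LogName   = 'Security'
    Id        = 4768, 4769, 4770, 4624       # event IDs from the original post
    StartTime = (Get-Date).AddMinutes(-$LookbackMinutes)
}

try {
    $events = Get-WinEvent -ComputerName $Server -FilterHashtable $filter `
                           -MaxEvents 200 -ErrorAction Stop

    # Summarise what was readable: count and newest timestamp per event ID.
    $events | Group-Object Id | Sort-Object Name | ForEach-Object {
        $newest = ($_.Group | Sort-Object TimeCreated -Descending)[0].TimeCreated
        '{0}: {1} event(s), newest {2}' -f $_.Name, $_.Count, $newest
    }
    "READ OK: $who can read the Security log on $Server."
}
catch {
    if ($_.Exception -is [System.UnauthorizedAccessException]) {
        # The account reached the server but is not allowed to read the Security log.
        "ACCESS DENIED: $who cannot read the Security log on $Server."
    }
    elseif ($_.FullyQualifiedErrorId -like 'NoMatchingEventsFound*') {
        # Read access worked, but no matching events exist in the look-back window.
        "READ OK, NO EVENTS: $who can read the log, but none of the four IDs were logged in the last $LookbackMinutes minutes."
    }
    else {
        # Anything else (name resolution, RPC/firewall, service down) is not a permission verdict.
        "QUERY FAILED (not a permission result): $($_.Exception.Message)"
    }
}
```

If the script reports READ OK while the agent's verbose log still shows none of these events, the account's read permission is not the cause and the agent's server monitoring configuration is the next place to look.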
