Windows event log forwarding


L4 Transporter

Hello,

 

Trying to deploy User ID and the method used for part of the network is Windows Log Forwarding, as per the guide linked below:

 

https://www.paloaltonetworks.com/documentation/70/pan-os/pan-os/user-id/deploy-user-id-in-a-large-sc...

 

Got the Windows event subscription forwarding from source to collector’s “forwarded events” log OK, but as per Palo Alto’s advice to forward events directly into the security.evtx log, it does not work. When the destination is forced via the command line, the following error appears when clicking on the subscription.

Error.png

 

Currently collecting data into a Windows 2012 R2 Standard domain controller. To check it wasn’t a domain controller, picked a domain member server and set up a subscription, then tried to force the destination as the security log and got the same error. That was a Windows 2008 R2 Standard server.

 

Is something missing, or does the Windows event log forwarding method simply not work and the documentation need to be updated?

 

Thanks in advance

Farzana
