09-01-2016 09:39 PM
Hello,
Trying to deploy User ID, and the method used for part of the network is Windows Log Forwarding, as per the guide linked below.
Got the Windows event subscription forwarding from source to the collector’s “forwarded events” log OK, but as per Palo Alto’s advice to forward events directly into the security.evtx log, it does not work. When the destination is forced via the command line, the following error appears when clicking on the subscription.
Currently collecting data into a Windows 2012 R2 Standard domain controller. To check it wasn’t a domain controller, picked a domain member server and set up a subscription, then tried to force the destination as the security log and got the same error. That was a Windows 2008 R2 Standard server.
Is something missing, or does the Windows event log forwarding method simply not work and the documentation needs to be updated?
Thanks in advance
Farzana