![]() ![]() Give the "Manage auditing and security log" privilege to the service account through group policies (GPO) or via "local security policy".If you need to read DHCP lease information, also add it to the DHCP users group Add the account to the following domain groups: Event log readers, Distributed COM users.The other option is to have an account on the collector machine that is given the proper access, so that you can use the integrated AD authentication Create a service account and configure it in the remote collector. ![]() Go to Windows Firewall -> Inbound rules and enable the rules regarding "Remote log management".In particular, allow port 135 from the collector machine to the target Allow the necessary network connections to the target machines (through network rules and firewall rules, if applicable).In order for the LogSentinel Collector to gather logs from remote Windows machines, certain configurations have to be made. Windows Event Forwarding - the native Windows mechanism for collection.Pull remote Windows logs (via WMI) - you have to configure the right permissions and the IPs or CIDR of the target machines to collect events from.There are two ways to collect Windows logs remotely.
0 Comments
Leave a Reply. |