|Applies To||RSA Security Analytics|
RSA Security Analytics Log Collector
|Issue||Unable to subscribe for events with Windows event source in RSA Security Analytics because Access is denied.|
The following error message is seen on the Log Collector:
Unable to subscribe for events with Windows event source EVENTSOURCENAME: Fault Code : s:Sender Subcode : w:AccessDenied Reason : Access is denied. Fault Detail : Access is denied.
When configuring a Windows event source (using WinRM), make sure to add the user account used for collection to the Local Event Log Reader group and not the Domain Event Log Reader group.
It is also important to add the user explicitly to the Local Event Log Reader group. It was found that if the user is a member of a group with the correct permissions, and that group was added to the Local Event Log Reader group, this error message also occurs.
|Legacy Article ID||a65450|
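One way to check the condition described above on the event source, as an added example that is not part of the original article or RSA's tooling. It assumes the article's "Local Event Log Reader" group is the Windows built-in Event Log Readers group (well-known SID S-1-5-32-573); the account name `CORP\svc-logcollect` is a constructed placeholder.

```powershell
# Added example. Run in an elevated PowerShell 5.1+ session on the Windows event source.
param(
    # Constructed placeholder; replace with the account the Log Collector uses.
    [string]$CollectionUser = 'CORP\svc-logcollect',
    # Add the account directly to the group when it is missing.
    [switch]$Fix
)

# Assumption: the article's "Local Event Log Reader" group is the built-in
# Event Log Readers group, resolved here by its well-known SID.
$groupSid = 'S-1-5-32-573'
$group    = Get-LocalGroup -SID $groupSid

# Resolve the account to a SID so the comparison does not depend on name format.
$userSid = ([System.Security.Principal.NTAccount]$CollectionUser).Translate(
    [System.Security.Principal.SecurityIdentifier]).Value

$members = @(Get-LocalGroupMember -Name $group.Name)
$direct  = @($members | Where-Object { $_.SID.Value -eq $userSid })
$nested  = @($members | Where-Object { $_.ObjectClass -eq 'Group' })

if ($direct.Count -gt 0) {
    Write-Output "OK: $CollectionUser is a direct member of '$($group.Name)'."
    return
}

Write-Warning "$CollectionUser is NOT a direct member of '$($group.Name)'."
foreach ($g in $nested) {
    # Membership through any of these groups is the case the article reports as failing.
    Write-Warning "Nested group present: $($g.Name). Membership through it is not sufficient."
}

if ($Fix) {
    Add-LocalGroupMember -Name $group.Name -Member $CollectionUser
    Write-Output "Added $CollectionUser directly to '$($group.Name)'."
} else {
    Write-Output "Re-run with -Fix to add the account explicitly."
}
```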