|Applies To||RSA Product Set: NetWitness Logs & Network|
RSA Product/Service Type: Log Collector
RSA Version/Condition: 10.6.x, 11.x
|Issue||Unable to subscribe for events with Windows event source in RSA Security Analytics because "Access is denied".|
The following error message is seen in the Log Collector logs:
Unable to subscribe for events with Windows event source EVENTSOURCENAME: Fault Code : s:Sender Subcode : w:AccessDenied Reason : Access is denied. Fault Detail : Access is denied.
|Cause||The Windows user account used by NetWitness has insufficient privilege to read the event logs.|
Explicitly add the USER to the LOCAL EVENT LOG READER group.
|Legacy Article ID||a65450|