This website uses cookies. By clicking OK, you consent to the use of cookies. Click Here to learn more about how we use cookies.
OK
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

RSA enVision® Discussions

Browse the RSA enVision discussion board to get product help and collaborate with other users of RSA enVision.
areebasad
Beginner
Beginner
‎2012-04-24 02:49 AM

Event Centralization

Hello, i am trying to use a method to collect events from many servers to a centralized windows server 2008 (Collector) then i use the windows Eventing service to collect the events from the collector server and the forwarded events, all this had been successfully done, then i tried to create a correlated rule that filters events using the Event computer variable (the computer that generated the events) but no alert fires. i gone to the Message Viewer and check the events i found that the Event computer is exists. why the alerts does not fires?
0 Likes
Reply
2 Replies
DavidDuarte
Beginner
Beginner
‎2013-08-06 09:35 AM

Hello,

 

Did you succeed to resolve this correlated rule issue?

 

I try to collect the forwarded events logs using a windows server 2008 (collector).

I can see the security logs on the event viewer from the collector but the logs are not collected by enVision.

Do have an idea regarding this collection issue?

 

David

0 Likes
Reply
areebasad
Beginner
Beginner
In response to DavidDuarte
‎2013-09-16 02:44 AM

Did you configured the Windows Eventing Collector service to collect Forwarding events subscription ?

this subscription contains all the forwarded events from the other servers with all types (System, Security, Application and all events you enabled in the forwarding configuration).

0 Likes
Reply
© 2020 RSA Security LLC or its affiliates.
All rights reserved.