This website uses cookies. By clicking OK, you consent to the use of cookies. Click Here to learn more about how we use cookies.
OK
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

RSA enVision® Discussions

Browse the RSA enVision discussion board to get product help and collaborate with other users of RSA enVision.
RSAAdmin
Beginner
Beginner
‎2008-04-01 11:44 AM

Windows Access Rights-Getting some Log data but not security events

Hello All,

I am reviewing the enVision Windows Agentless Collection Troubleshooting guide.

 

 But I can't seem to determine the particular issue that I am having for certain servers in one region....I am getting "application event" log data and "system event" log data but I am not getting "security event" log data.

 

I have enVision configured to gather all logs by default....yet no security log data is captured... I know it is being produced, because I generated some security_529 events and the admin said that he saw them appear .... 

 

I am 100% certain that my issue is caused by a lack of privileges....can anyone guide me on which privileges are missing? Our server admin in the region is struggling to find the cause..  Also, I read somewhere within enVision

its recommended to ensure the account used by enVision is granted "local admin privileges"........but I cannot find that documented..now that I am looking for it ...can some one send me a link or document where RSA recommends this level of access ?   

 

thank you,

Regards, Rob

0 Likes
Reply
2 Replies
RSAAdmin
Beginner
Beginner
‎2008-04-02 12:24 PM

Hey Rob:

 

There are a couple of things you can do to help.

 

1. From the Event Viewer, do a search against the NIC System, and specify one of the Search boxes the string "agentless" (you can click regex) and do a search. That will provide records that relate to the NIC Windows Service, and should give you an idea as to what the exact error message is regarding your access to the Security Logs for the Windows Servers.

 

2. To grant "Local Admin Privileges" to the user account you created for retrieving Windows Logs from your Windows Servers to enVision, you will need to start up your "Local Users and Groups"  from the Control Panel of the Windows server. Conversely you can use the compmgmt.msc MMC console. You can add the user you created locally and assign Administrator priviliges to the account. Once that is done, you should be able to retrieve logs.

 

Good luck. Let me know how it goes.

 

Mark Nadir

 

0 Likes
Reply
RSAAdmin
Beginner
Beginner
‎2008-05-06 10:50 AM

Have you tried to run the "runeventviewas.exe" tool with the credentials that your Windows admin provided? 

 

Did this ever work?

0 Likes
Reply
© 2020 RSA Security LLC or its affiliates.
All rights reserved.