Windows collection of Application and System Logs
I have a Windows machine integrated with RSA and am able to get only Security logs, but can't get any logs for Application and System. The account which is used to collect the Security log has the correct privileges. On RSA enVision, all three categories are selected to collect logs.
Please can anyone help if I am missing anything in the Windows agentless configuration area?
Please look up the error messages in RSA enVision. Filter in event viewer of enVision on agentless and the IP address of the Windows Server. You will see error messages on the application and system log collection which you need to investigate.
I'll save you some time. The only reason you can read the security event log and not any other logs is insufficient privileges. You have to be local admin on the box you'd like to read logs from, otherwise you won't be able to read them.
If you only want to read the security event log, you need only the manage auditing and security log.
You can read the application and system logs without being local admin! This is done in an environment where least privileges are very important.
Add the user's SID to this reg key:
This may or may not be helpful in your environment. Agentless Windows without needing a Domain Admin Account.
::: on soap-box ::::
If your sales folks or anyone else for that matter told you that you needed admin accounts (local, domain, or otherwise) for Windows, they are not doing a good service and should be slapped around a little. Not good practice to have security products breaking security practices just to collect logs.
::: off soap-box ::::