RSA Admin

Windows Access Rights-Getting some Log data but not security events

Discussion created by RSA Admin Employee on Apr 1, 2008
Latest reply on May 6, 2008 by RSA Admin

Hello All,

I am reviewing the enVision Windows Agentless Collection Troubleshooting guide.

 

 But I can't seem to determine the particular issue that I am having for certain servers in one region....I am getting "application event" log data and "system event" log data but I am not getting "security event" log data.

 

I have enVision configured to gather all logs by default....yet no security log data is captured... I know it is being produced, because I generated some security_529 events and the admin said that he saw them appear .... 

 

I am 100% certain that my issue is caused by a lack of privileges....can anyone guide me on which privileges are missing? Our server admin in the region is struggling to find the cause..  Also, I read somewhere within enVision

its recommended to ensure the account used by enVision is granted "local admin privileges"........but I cannot find that documented..now that I am looking for it ...can some one send me a link or document where RSA recommends this level of access ?   

 

thank you,

Regards, Rob

Outcomes