RSA Admin

Windows 2008 AD event collecting using WinRM problem

Discussion created by RSA Admin Employee on Feb 14, 2013
Latest reply on Feb 25, 2013 by RSA Admin

Hello everyone,

I have a strange problem using the WinRM collection method from one Win 2008 AD controller: I can successfully collect Application and System logs, but Security logs are something I never managed to get. So far I have tried everything from the known documentation:

- I use a domain account with administrator privileges
- That account is in the "Event Log Readers" group
- The channel subscription was changed with the known "S-1-5-20" form

I think there must be some privilege-level problem, but I don't know which one... The status during "wineventsvc -v++" is always "Event count = 0".

If somebody has any idea...

 

BR,

Dragan
