Rule to alert when a Windows server is not generating Security logs

Discussion created by RSA Admin Employee on Oct 18, 2011
Latest reply on Oct 25, 2011 by RSA Admin

One of our servers has an issue each week... it stops generating/logging messages to the Security log. It keeps generating Application logs, and they're collected, so the collector doesn't know there's a problem, and doesn't generate any 400029 messages.

Does anyone have a rule written to alert when Windows Security logs aren't received?

Sorry if this seems too easy for this board. I'd create the rule myself, but I really don't have an hour to spare right now.
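
The check the post asks for, sketched in Python as an added example; it is not part of the original thread and is not RSA enVision rule syntax. It tracks the newest event per host and per Windows log channel, so a server whose Security log goes quiet is flagged even though its Application events keep the collector busy. The function names, the one-hour threshold and the sample events are assumptions made for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample events: (timestamp, host, Windows event log channel).
SAMPLE_EVENTS = [
    ("2011-10-18T08:00:00", "srv01", "Security"),
    ("2011-10-18T08:05:00", "srv01", "Application"),
    ("2011-10-18T09:40:00", "srv01", "Application"),
    ("2011-10-18T09:30:00", "srv02", "Security"),
    ("2011-10-18T09:45:00", "srv02", "Application"),
    ("2011-10-18T07:00:00", "srv03", "Security"),
    ("2011-10-18T07:10:00", "srv03", "Application"),
]

def last_seen(events):
    """Map (host, channel) -> newest timestamp seen for that pair."""
    seen = {}
    for ts, host, channel in events:
        t = datetime.fromisoformat(ts)
        key = (host, channel)
        if key not in seen or t > seen[key]:
            seen[key] = t
    return seen

def silent_channel_alerts(events, now, channel="Security",
                          max_gap=timedelta(hours=1)):
    """Classify hosts whose `channel` has been quiet longer than max_gap.

    'channel_silent': other channels still arrive, so the host and the
        collector are alive but this one log stopped (the case in the post).
    'host_silent': nothing recent from the host on any channel, which a
        collector-level alert is expected to cover.
    """
    seen = last_seen(events)
    alerts = {}
    for host in sorted({h for h, _ in seen}):
        chan_ts = seen.get((host, channel))
        if chan_ts is not None and now - chan_ts <= max_gap:
            continue  # channel is healthy for this host
        others = [t for (h, c), t in seen.items() if h == host and c != channel]
        alive = any(now - t <= max_gap for t in others)
        alerts[host] = "channel_silent" if alive else "host_silent"
    return alerts

if __name__ == "__main__":
    print(silent_channel_alerts(SAMPLE_EVENTS, datetime(2011, 10, 18, 10, 0)))
```

A host that has never sent any event does not appear in the result, so a production version would compare against an inventory of expected servers.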
