Windows eventlog forwarding

TimoSch · August 20, 2020, 8:03am

Hello,

my goal should be that all Windows domain controllers eventlogs from “Directory Services” forward to the Event console in tactical overview. I configured Logwatch Event Console Forwarding in WATO with
“forward messages to event console”. The “list of expected logfiles” shows in the parameters all event logs just like Powershell, KMS, Hardware, Active Directory and so on,

The problem is that only event logs entries from Application or Security is forward to EC but nothing from “Directory Services”.

What I have to configure or what I have made wrong?

Thanks for any help!!
Timo

kdeutsch · August 20, 2020, 8:24am

Hello,
do you have a rule “Finetune Windows Eventlog Monitoring” in Monitoring Agents?

Karl

TimoSch · August 20, 2020, 8:29am

No. What I have to configure there?

Are my “first steps” the right way ?

kdeutsch · August 20, 2020, 8:32am

Hi,
if you deactivate the forwarding and do a full scan on your windows machine … what log files are discovered by Checkmk?

Karl

TimoSch · August 20, 2020, 8:37am

Hi,

The needed logs; Log Active Directory Web Services, Log DFS Replication, Log DNS Server

Timo

system · September 19, 2020, 6:37pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.