Unable to forward "Directory Service Access" category logs from the Windows Security log to AV USM

MkMk

New Life Form
"Directory Service Access" category logs from the Windows Security log are not forwarded to AlienVault USM.

Also, how do I forward Setup and System logs to AlienVault USM?

Comments

  • How much setup have you done so far? With your Windows machines you will have to install the HIDS agents to get syslogs from the Windows machines, and even then it's not everything. With Linux boxes you could do agentless HIDS, but I haven't played with that at all. Finally, for anything that can send to a syslog server, just set the syslog server IP address as the USM scanner address.
  • I have installed the OSSEC agent on my Windows machine, and by default it's forwarding only Security logs. Now I have come to know it is also filtering the Security logs, such as the "Directory Service Access" category logs.
  • Follow this document:

    In your local group policy editor, make sure that you have the Default Domain Controller Group Policy object set properly. If the event is logged in Event Viewer, the HIDS agent should pick it up.
  • Thanks for this article, I would like to know more.
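
The checks suggested in the replies above, as an added PowerShell example that is not part of the original thread: it confirms the audit subcategory is enabled, that matching events reach the Security log, and which logs the agent's configuration reads. The `ossec.conf` path is an assumed default install location, event ID 4662 is used as a representative Directory Service Access event, and the `auditpol` parsing assumes English output.

```powershell
# Added example: run from an elevated PowerShell prompt on the domain controller.
# Assumption: default OSSEC agent install path; adjust if the agent lives elsewhere.
$OssecConf = 'C:\Program Files (x86)\ossec-agent\ossec.conf'
$Wanted    = 'Security', 'System', 'Setup'   # logs the thread asks about

# 1. Is the "Directory Service Access" audit subcategory enabled by policy?
#    The setting column reads "Success", "Failure", "Success and Failure"
#    or "No Auditing" on English systems.
$policyLine = auditpol /get /subcategory:"Directory Service Access" |
    Where-Object { $_ -match 'Directory Service Access' }
$auditEnabled = [bool]($policyLine -match 'Success|Failure')

# 2. Are such events actually written to the Security log?
#    Event ID 4662 ("An operation was performed on an object") belongs
#    to this subcategory. No matches yields an empty array, not an error.
$recent = @(Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4662 } `
    -MaxEvents 5 -ErrorAction SilentlyContinue)

# 3. Which logs is the agent configured to read?
#    ossec.conf can contain several <ossec_config> roots, so it is not
#    always well-formed XML; match <location> elements with a regex instead.
$locations = @()
if (Test-Path $OssecConf) {
    $locations = @(Select-String -Path $OssecConf `
            -Pattern '<location>\s*(.+?)\s*</location>' |
        ForEach-Object { $_.Matches[0].Groups[1].Value })
}
$missing = @($Wanted | Where-Object { $_ -notin $locations })

# Summary: each stage of the path from audit policy to HIDS agent.
[pscustomobject]@{
    AuditPolicyLine  = if ($policyLine) { "$policyLine".Trim() } else { 'not found' }
    AuditEnabled     = $auditEnabled
    Recent4662Events = $recent.Count
    AgentConfigFound = Test-Path $OssecConf
    AgentReadsLogs   = $locations -join ', '
    MissingFromAgent = $missing -join ', '
}
```

If `AuditEnabled` is false or `Recent4662Events` is 0, the gap is in the audit policy rather than the agent. A log listed under `MissingFromAgent` needs its own `<localfile>` entry in `ossec.conf` before the agent will read it.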