This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
NetWitness Discussions

Legacy Windows collection

sureshKsureshK
Beginner
Beginner

‎2018-07-17 11:11 AM

Hello All!

 

I'm facing below error while integrating windows server with SA.

 

1.) An error occurred creating an windows legacy connection:failed to open event log.

 

Kindly help/suggest on the same.

 

Thanks!

0 Likes
1 REPLY 1

ConODonnell
Occasional Contributor Occasional Contributor
Occasional Contributor

‎2018-07-17 11:59 PM

Hi Suresh,

Usually the errors come with a code, if you check the logs via the SA ui there's usually a code (5 for access denied is common i.e. the credentials you are suing cannot access the event log).

One way to test permissions and access is to do a "run as" from your desktop and use the account that's configured in legacy collection to connect event viewer to the same remote system you are trying to collect from and see if it connects.

Also in the advanced settings of the event source make sure you are using remote registry as the protocol for discovery and not RMI,

0 Likes
© 2022 RSA Security LLC or its affiliates. All rights reserved.