Not receiving security logs from AD server
I have configured AD server to the SIEM.
Agent type: windowsfg
Agent Version: 184.108.40.20679.0
everything was working fine few days back but now we are not receiving security logs.
we are receiving only application and system logs.
can someone let me know what may be the issue ?
I am not getting any error message as well in agent.log file.
I also check the security logs on the AD server, logs are available there.
Id recommend to check hparcsight account user privileges,
Also make sure that you ticked security logs after adding the servers to the windows unified connector.
And why would you be using such an old agent version?
issue resolved after moving server to another container , but any one know what went wrong which cause this issue.
As other servers on the same container is working properly.
You check with any network monitoring tool on the server. I feel this is server issue you can use native connector. this will work fine in heavy load.