Lieutenant

Windows native connector not pulling any logs

I have a Windows native connector installed on a Windows 2012 server. The connector is not pulling any logs at all. Have reviewed logs but no anomalies could be detected.

Micro Focus Expert

Hello,

Have you noticed any error message during connector installation?
Did you check connector logs for any WARN/ERROR/FATAL messages?

Lieutenant

Haven't noticed any error.

Lieutenant

Haven't noticed any WARN/ERROR/FATAL messages.

Knowledge Partner

Hi Santosh,

  • Can you confirm if the installation went well? If not, what kind of error message did you get?
  • Are you using a service account which has the right permissions on the WEC or Windows Server you are getting the logs from?
  • Is the connector running as a service or as a stand alone and with what permissions?
  • Is there connectivity between the Win Event Log Connector and the Log Source Server?
  • Are there logs on the Windows Server to be pulled or any activity?
  • What kind of events have you selected, Application, System or Security?
  • What is the destination type (ESM, Logger, Event Broker)?
  • Is there a firewall in between? If yes, does the firewall rule allow for bi-directional traffic?

There are many ways to resolve your issues, but we would need to know more information to assist you in resolving the issue.

Lieutenant

  • Can you confirm if the installation went well? If not, what kind of error message did you get?
      • Yes, the installation went well.
  • Are you using a service account which has the right permissions on the WEC or Windows Server you are getting the logs from?
      • Yes
  • Is the connector running as a service or as a stand alone and with what permissions?
      • As a service
  • Is there connectivity between the Win Event Log Connector and the Log Source Server?
      • Yes
  • Are there logs on the Windows Server to be pulled or any activity?
      • To be pulled
  • What kind of events have you selected, Application, System or Security?
      • System and Security only.
  • What is the destination type (ESM, Logger, Event Broker)?
      • ESM
  • Is there a firewall in between? If yes, does the firewall rule allow for bi-directional traffic?
      • Bi-directional traffic is allowed, in fact tried disabling firewall as well.
Knowledge Partner

So if you generate new events on the Windows Server, none of these get pulled onto the connector?

Could you verify if the service account has sufficient permissions and the GPO is set up as per Configuration guide?

Are you using AD to get host info on the connector? If yes, does that setup work?
