Hi All
I'm learning log manager and try to connect AD event viewer by using syslog.
I install snare sofware and only set some paramters below:
1. set [Destination Snare Server address] as log manager's IP
2. Destination Port: 1468 (log manager default TCP port)
3. Enable [SYSLOG header checkbox]
4. click [change Configuration]and restart snare.
besides, I also set all audit policies of AD.I find some events were recorded on windows event viewer but I do now fine any event on [latest events] on Snare console.
Whether I forget something which must to configurated or not ??
wencheng
I'm learning log manager and try to connect AD event viewer by using syslog.
I install snare sofware and only set some paramters below:
1. set [Destination Snare Server address] as log manager's IP
2. Destination Port: 1468 (log manager default TCP port)
3. Enable [SYSLOG header checkbox]
4. click [change Configuration]and restart snare.
besides, I also set all audit policies of AD.I find some events were recorded on windows event viewer but I do now fine any event on [latest events] on Snare console.
Whether I forget something which must to configurated or not ??
wencheng