topic Re: How to monitor Microsoft CA logs on Server 2008 R2? in Getting Data In

How to monitor Microsoft CA logs on Server 2008 R2?

jodros — Tue, 29 Jul 2014 15:39:49 GMT

Has anyone been successful in monitoring Microsoft CA logs on Server 2008 R2? It looks as if they are being written to C:\Windows\System32\CertLog in EDB log format, which is not human readable. I want to say the EDB log format might also be used by Microsoft Exchange, so I don't know if any TA or SA for exchange could be leveraged.

Any assistance with this issue would be appreciated.

Thanks

Re: How to monitor Microsoft CA logs on Server 2008 R2?

jodros — Wed, 30 Jul 2014 13:05:23 GMT

early morning bump. No one is monitoring any Microsoft CA servers running on 2008 R2 with Splunk?

Re: How to monitor Microsoft CA logs on Server 2008 R2?

jodros — Wed, 30 Jul 2014 19:18:56 GMT

Figured out the issue. There was an additional auditing setting that needed to be tweaked in the GPO before the CA events started showing up in the WinEventLog:Security. No need to try and figure out a way to monitor the edb files.

Re: How to monitor Microsoft CA logs on Server 2008 R2?

nabeel652 — Tue, 09 Aug 2016 06:14:55 GMT

Do you remember what change did you make in GPO in order to collect CerLog like EventCode=64 etc?

Re: How to monitor Microsoft CA logs on Server 2008 R2?

jlemoine — Mon, 11 Dec 2017 20:32:54 GMT

What was the solution?

Re: How to monitor Microsoft CA logs on Server 2008 R2?

thambisetty — Tue, 24 Mar 2020 07:27:58 GMT

would be helpful, if you could provide how did you fix this.