Getting Data In

Problems with WinEvent collection on Windows2000 Server

Communicator

Hi everybody,

my client uses a UF to forward Data from a Windows 2000 server. They try to collect Winevents.

Application
System
Security

The collection itself seems to work, but we only see Application logs in Splunk. For both other event logs we get:

WinEventLogChannel - init: Failed to bind to DC, dc_bind_time=9047 msec
WinEventLogChannel - Initialized Windows Event Log='Security' Success; oldest_rec_id='0'; newest_rec_id='0'; total_rec='0'

Which actually means that Splunk can not find any logs, but why?

0 Karma

SplunkTrust
SplunkTrust

imho its not supported

0 Karma

Communicator

Thanks for you comment. I read similar, but I also read that Forwarding at least should work. As I said, we are just receiving Application Logs from that host - this works fine. But only no Security or System logs. (inputs.conf is fine)

0 Karma