I have tested the Syslog method (using Snare) and the WMI method to collect
Windows event logs; now I want to use the new method, the Sentinel
Agent, to collect them.

I installed a Windows 2008 R2 with Sentinel Agent Manager, and used
"Agent Administrator" to install the agent on another Windows 2008 R2. I
could see it show up on the Sentinel Web console.
Then I ran the "Configuration Wizard" to enable collection of the [File
Replication] / [System] logs, and also manually set the GPO audit setting ==> I
could see 2 event source objects were generated below the Microsoft
AD/Windows Collector.

But I have a little question: I log in to this agent machine... Sentinel
Agent will send the login event to Sentinel. But when I stop a service (like
Print Spooler) or modify user membership, these events were not sent to

Which step did I misconfigure or forget? Who could teach me about Sentinel
Agent settings?


