Windows Event Connection


wjansoone
New Member (14 reputation)
Group: Forum Members
Posts: 5, Visits: 7
Hello,
I can connect to the local Windows event registry. But I cannot get retrieving Windows events on a remote machine to work. I have tried a number of combinations but it doesn't seem to work. I also notice that the dropdown for authentication type does not show string literals but only a small square symbol. So it is difficult to estimate what kind of authentication I have selected.
When I use the Windows management Event Viewer console, I can connect to the remote server and view the remote Windows events.
Could you give me advice?
Thank you in advance.
Regards,
Wilke
LogViewPlus Support
Supreme Being (6.7K reputation)
Group: Moderators
Posts: 1.1K, Visits: 4K
Hi Wilke,

Thanks for highlighting the issue with the drop down values.  I can confirm this is a bug.  We will make sure it gets resolved before the next release.

The drop down values should be:
Default,
Negotiate,
Kerberos,
Ntlm




Hope that helps.  Please let me know if you continue to have issues.

Thanks again,

Toby

wjansoone
New Member (14 reputation)
Group: Forum Members
Posts: 5, Visits: 7
Hello,

Thank you for your swift feedback. I still cannot get it to work. I have tried with the NETBIOS name and the IP address. I have added my user and password, and tried different authentication types. To no avail, I always get told that LogViewPlus is unable to retrieve data (there is a small typo in the error message: "Unable to retreive data from:..."). Is there a way to have more detailed information about what LogViewPlus tries to do?

Regards,

Wilke
LogViewPlus Support
Supreme Being (6.7K reputation)
Group: Moderators
Posts: 1.1K, Visits: 4K
That error message is shown when LogViewPlus is able to establish a connection, but unable to retrieve log entries.  When this happens it is usually because something is misconfigured or the target user does not have the correct permission.

Here is a good write up on settings that need to be in place to read Windows Event Logs remotely.  In particular, note that the user needs to be part of the "Event Log Readers" group.  This is true even if the user is already an administrator.

You will also need to provide the domain, user and password.  All three fields are required when connecting remotely. 

> retrieve.

Fixed for next release. Thanks!


wjansoone
New Member (14 reputation)
Group: Forum Members
Posts: 5, Visits: 7
Hello,

When I use the Windows event management console (Event Viewer) I can read the remote events. I do not think it is a question of permissions.  I tried all combinations but still no access via LogViewPlus. Does LogViewPlus allow authenticating silently using the user's Kerberos ticket? In this case I should need to pass user and password.

Thank you in advance.

Regards,

Mrs. Wilke Jansoone

LogViewPlus Support
Supreme Being (6.7K reputation)
Group: Moderators
Posts: 1.1K, Visits: 4K
Can you view the security logs in Event Viewer?  If so, it is likely running as Admin.  It may be worth running LogViewPlus as admin as that might be part of the issue.

I successfully tested a remote connection the other day using NTLM with a valid user and password.  The user was an admin on the remote machine and also a member of the Event Log Readers group on both machines.  Silent Kerberos authentication is not supported.

Unfortunately, it is difficult to debug these issues as a number of things could be blocking the connection.  I can't explain why Event Viewer can connect, but it's possible that Event Viewer has special registry or firewall settings that I am not aware of.
wjansoone
New Member (14 reputation)
Group: Forum Members
Posts: 5, Visits: 7
Hello,

So finally I managed to connect: I entered my username without the domain prefix. It would be interesting to include this in the documentation. Additionally, giving my password could potentially lead to problems later on. If my password is required to be changed (due to company policy), I could lock the user when trying to use the event data source without updating the password. Is there a way to use the user's current security context?

Thank you for your support.
Regards,
Mrs. Wilke Jansoone
LogViewPlus Support
Supreme Being (6.7K reputation)
Group: Moderators
Posts: 1.1K, Visits: 4K
Glad to hear you got it working Wilke - thanks for letting me know.

I think those are both great points.  I have updated the documentation to be more explicit about how the user credentials should be configured.  We have also just released LogViewPlus v3.1.9 as a BETA release.  This release fixes the 'authentication type' drop down issue you highlight above.  We have also added the ability to use your security context instead of an explicit username and password.  You can now log in to a remote Windows Event Log instance without providing a username and password.

Hope that helps.  Thanks again for the great suggestions!

Toby
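
Added example, not part of the thread and not LogViewPlus code: a PowerShell check of the prerequisites named in the support replies above (a reachable RPC endpoint, "Event Log Readers" membership on the remote machine, and a read using either explicit credentials or the current security context). The function name, `SRV01` and the `Application` log are assumptions; the group lookup sees direct local members only.

```powershell
# Added example (not from the thread). SRV01 and the function name are placeholders.
function Test-RemoteEventLogAccess {
    param(
        [Parameter(Mandatory)] [string] $ComputerName,
        [string] $LogName = 'Application',
        # Omit -Credential to use the current security context (no stored password).
        [System.Management.Automation.PSCredential] $Credential
    )
    $who = if ($Credential) { $Credential.UserName } else { $env:USERNAME }
    $r = [ordered]@{
        Computer = $ComputerName; Account = $who; ExplicitCredential = [bool]$Credential
        RpcReachable = $false; InEventLogReaders = $null; CanRead = $false; Detail = $null
    }

    # 1. Remote event log reads use RPC; the endpoint mapper listens on TCP 135.
    $r.RpcReachable = Test-NetConnection -ComputerName $ComputerName -Port 135 `
        -InformationLevel Quiet -WarningAction SilentlyContinue

    # 2. Direct members of the remote "Event Log Readers" local group. Runs in the
    #    current context; membership via nested domain groups is not resolved here.
    try {
        $group = [ADSI]"WinNT://$ComputerName/Event Log Readers,group"
        $names = @($group.Invoke('Members')) | ForEach-Object {
            $_.GetType().InvokeMember('Name', 'GetProperty', $null, $_, $null)
        }
        $r.InEventLogReaders = ($who -split '\\')[-1] -in $names
    } catch {
        $r.Detail = "group lookup failed: $($_.Exception.Message)"
    }

    # 3. Read one event, with explicit credentials or the current logon session.
    $query = @{ ComputerName = $ComputerName; LogName = $LogName; MaxEvents = 1; ErrorAction = 'Stop' }
    if ($Credential) { $query.Credential = $Credential }
    try {
        $null = Get-WinEvent @query
        $r.CanRead = $true
    } catch [System.UnauthorizedAccessException] {
        $r.Detail = 'connected, but access denied: check group membership and log ACL'
    } catch {
        # An empty log still proves read access.
        if ($_.FullyQualifiedErrorId -like 'NoMatchingEventsFound*') { $r.CanRead = $true }
        else { $r.Detail = $_.Exception.Message }
    }
    [pscustomobject]$r
}

# Current security context, then explicit credentials:
# Test-RemoteEventLogAccess -ComputerName SRV01
# Test-RemoteEventLogAccess -ComputerName SRV01 -Credential (Get-Credential)
```

Running it once without `-Credential` and once with it separates a permissions problem on the remote machine from a problem with how the explicit credentials were entered.
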
wjansoone
New Member (14 reputation)
Group: Forum Members
Posts: 5, Visits: 7
Hello Toby,
Thank you for your swift reaction. I can confirm that the Authentication Type dropdown now shows correctly the different options and that I can connect to the remote eventlog source using my current credentials without having to populate the password field.
Regards,
Mrs. Wilke Jansoone

LogViewPlus Support
Supreme Being (6.7K reputation)
Group: Moderators
Posts: 1.1K, Visits: 4K
Glad to hear that's working better now.  Thanks again for highlighting these issues!

Toby