ryannewington
commented
2 years ago @kiv4sek I haven't had much experience with event forwarding, but hopefully I can provide a few pointers.
- There isn't any LAPSWeb logs you will find. That was from the old version of the product.
- You may need to create the
Lithnet Access Managerapplication event log on the collector server by hand, to enable you to select it for forwarding. You can use a PowerShell command to do this.New-EventLog -source "Lithnet Access Manager Service" -LogName "Lithnet Access Manager"
I'm not sure what you mean by asking if the log instructions are still valid. Event logging is enabled automatically in access manager. Are you having problems with logs not appearing on the Access Manager server, or are you just trying to forward them somewhere else?
stale[bot]
[HELP] Windows Events Logs forwarding
We have installed the Lithnet application that our users use for temporary admin access. We would like to transfer all logs to Windows Event Collector and from there to our SIEM. How should we do it right? The documentation I found on git is based on a total of one Powershell command (which we can't run anyway, because the system says that the log has already been created - but there are no LAPSWeb logs). Logs from the application are collected in a separate folder on the "Lithnet Access Manager" server, which prevents me from "downloading" logs using a traditional subscription on the Windows Event collector (I am not able to select this folder). What's more, trying to create your own XML query also fails and the logs do not pass.
Is this log instruction still valid? I saw that it was last updated 4 years ago. Do you need to create something more? GPO?
Thanks for any help