SMBv1 Logs - Collector Configuration

I've enabled collection of SMBv1 events on a few domain controllers that are still using it.  How do I have the collector agent pull those logs in?

They're located here: Microsoft-Windows-SMBServer\Audit

  • You will need to add the connector to the agent in order to begin collecting the logs. From the web console, go to Manage -> Nodes. Use the filter options to show just agents. Locate the server you wish to collect the SMB logs on, place a check next to it, and click Manage Node Connectors. Search for SMB and, once the connector is found, select it and click Add Connector. Once the connector is added, make sure to Start it; going forward, new logs from Microsoft-Windows-SMBServer\Audit should start showing within the web console.
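A host-side check to run on the domain controller before or after starting the connector, confirming that the audit channel is enabled and actually receiving SMB1 access events. This is an added example, not part of the original answer or the vendor's tooling. It assumes an elevated PowerShell session, the standard SMB1 access audit event ID 3000, and English event message text.

```powershell
# Added example: verify the SMB1 audit channel has data for the connector to collect.
$logName = 'Microsoft-Windows-SMBServer/Audit'

# 1. SMB1 access auditing must be on, otherwise the channel stays empty.
$cfg = Get-SmbServerConfiguration
if (-not $cfg.AuditSmb1Access) {
    Write-Warning 'AuditSmb1Access is off; enable it with: Set-SmbServerConfiguration -AuditSmb1Access $true'
}

# 2. The event channel itself must be enabled.
$log = Get-WinEvent -ListLog $logName
'{0}: enabled={1}, records={2}' -f $log.LogName, $log.IsEnabled, $log.RecordCount

# 3. Pull SMB1 access events (ID 3000) from the last 7 days.
#    Get-WinEvent raises an error when nothing matches, so suppress it.
$events = Get-WinEvent -FilterHashtable @{
    LogName   = $logName
    Id        = 3000
    StartTime = (Get-Date).AddDays(-7)
} -ErrorAction SilentlyContinue

if (-not $events) {
    Write-Warning 'No SMB1 access events in the last 7 days; the connector will have nothing new to forward.'
}

# 4. Count events per client so the remaining SMB1 users are visible.
$events | ForEach-Object {
    # Assumption: English message text containing a "Client Address:" line.
    if ($_.Message -match 'Client Address:\s*(\S+)') { $Matches[1] } else { 'unknown' }
} | Group-Object | Sort-Object Count -Descending |
    Select-Object @{ n = 'Client'; e = { $_.Name } }, Count
```

If the per-client counts here are non-zero but nothing appears in the web console, the gap is on the agent or connector side rather than in Windows auditing.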
