question

0 Votes
smanif123 asked FanFan-MSFT edited

domain controller logon / logoff user audit logs

Hi,

We have 20 domain controllers and need to forward audit logs (user logon / logoff) to a syslog server.

Below are the queries.

  1. Will the audit logs get synced between all the domain controllers?

  2. What is the best practice for sending audit logs to syslog? Do all event logs from each domain controller need to be sent separately, or is there another method?

Regards,
Mani





windows-active-directory windows-server-security

1 Vote
FanFan-MSFT answered FanFan-MSFT edited

Hi,
1. Based on my research, audit logs will not get synced between all the DCs. DCs just log the events for themselves.
2. For sending audit logs to the system log, you can refer to the following link: https://social.technet.microsoft.com/Forums/ie/en-US/66587a55-2883-4365-be7d-ab5baed50dc0/need-to-collect-security-logs-from-all-domain-controller-to-central-location?forum=winserverDS

Best Regards,



Hi, @smanif123
You are welcome to share your current situation if there are any updates.
Please feel free to let us know if you need further assistance.
 
Best Regards,

0 Votes 0 ·

Hi,

Thanks for the information. We decided to do the log forwarding centrally.

Regards,
Mani

0 Votes 0 ·
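
Because each domain controller keeps only its own Security log, as the answer above states, a central collector has to read from every DC. The following is an added example, not part of the original thread or the linked post: it polls each DC for logon/logoff events and sends them as BSD-syslog-style UDP lines. It assumes the ActiveDirectory RSAT module, remote read access to the Security logs, and a placeholder syslog host name.

```powershell
# Added example (not from the thread). Assumptions: ActiveDirectory RSAT module
# is installed, the account may read each DC's Security log remotely, and
# 'syslog.example.internal' is a placeholder for the real syslog server.
Import-Module ActiveDirectory

$SyslogServer = 'syslog.example.internal'   # placeholder
$SyslogPort   = 514
$Since        = (Get-Date).AddMinutes(-15)  # polling window (assumed)

# 4624 = successful logon, 4634 = logoff, 4647 = user-initiated logoff
$Filter = @{ LogName = 'Security'; Id = 4624, 4634, 4647; StartTime = $Since }

$udp = New-Object System.Net.Sockets.UdpClient
try {
    # Each DC records only the events it handled, so every DC is queried.
    foreach ($dc in Get-ADDomainController -Filter *) {
        try {
            $events = Get-WinEvent -ComputerName $dc.HostName -FilterHashtable $Filter -ErrorAction Stop
        } catch {
            # "No events found" and an unreachable DC both land here.
            Write-Warning "$($dc.HostName): $($_.Exception.Message)"
            continue
        }
        foreach ($e in $events) {
            # Security events carry named <Data> elements under <EventData>.
            $data = @{}
            ([xml]$e.ToXml()).Event.EventData.Data | ForEach-Object { $data[$_.Name] = $_.'#text' }

            # PRI 110 = facility 13 (log audit) * 8 + severity 6 (informational).
            # Fields an event ID does not carry (e.g. IpAddress on 4634) stay empty.
            $msg = '<110>{0} {1} ADAudit: EventID={2} User={3}\{4} LogonType={5} SourceIP={6}' -f `
                $e.TimeCreated.ToString('MMM dd HH:mm:ss', [cultureinfo]::InvariantCulture),
                $dc.HostName, $e.Id, $data['TargetDomainName'], $data['TargetUserName'],
                $data['LogonType'], $data['IpAddress']

            $bytes = [Text.Encoding]::ASCII.GetBytes($msg)
            [void]$udp.Send($bytes, $bytes.Length, $SyslogServer, $SyslogPort)
        }
    }
} finally {
    $udp.Close()
}
```

Run it on a schedule whose interval matches `$Since`; UDP syslog is unacknowledged, so dropped datagrams go unnoticed by the sender.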
1 Vote
MiguelFra answered FanFan-MSFT edited

Hello Smanif,

Aside from what's mentioned already, the Windows Event Trap Translator will also do the trick if you have SNMP. Simply locate the EVENT ID(s) you want to trap and it will send an SNMP alert every time the EVENT ID is triggered.

https://www.falconitservices.com/support/KB/Lists/Posts/Post.aspx?ID=275

Cheers,

Miguel Fra
www.falconitservices.com


Hi Miguel,

Thanks for the information.

Regards,
Mani

0 Votes 0 ·

Hi,
If you want to end this thread, and one of the answers was helpful to you, you can "Accept as answer" to help other community members find the helpful reply quickly.
Best Regards,

0 Votes 0 ·