Issue Ingesting Security Logs from non-server operating systems (workstations)

%3CLINGO-SUB%20id%3D%22lingo-sub-1201221%22%20slang%3D%22en-US%22%3EIssue%20Ingesting%20Security%20Logs%20from%20non-server%20operating%20systems%20(workstations)%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1201221%22%20slang%3D%22en-US%22%3E%3CP%3EHello%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWe%20are%20having%20an%20issue%20with%20ingesting%20any%20security%20events%20from%20workstations.%20We%20have%20installed%20the%20monitoring%20agent%20on%20both%20windows%20server%20OS%20and%20windows%2010.%20All%20windows%20servers%20OS%20logs%20arrived%20in%20a%20timely%20manner%2C%20but%20none%20of%20the%20windows%2010%20machines%20are%20showing%20logs.%20Anyone%20have%20an%20idea%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThank%20you%20for%20your%20time%20and%20helpfulness.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1201269%22%20slang%3D%22en-US%22%3ERe%3A%20Issue%20Ingesting%20Security%20Logs%20from%20non-server%20operating%20systems%20(workstations)%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1201269%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F566799%22%20target%3D%22_blank%22%3E%40Christian_Lozach%3C%2FA%3E%3C%2FP%3E%0A%3CP%3EIf%20the%20servers%20are%20working%20and%20not%20the%20workstations%2C%20make%20sure%20you%20have%20verified%20the%20Windows%2010%20workstations%20are%20configured%20correctly%20(ports%2C%20firewall%2C%20etc.)%2C%20not%20blocked%20by%20GPO%20or%20other%20management%20mechanism%2C%20and%20the%20MMA%20agent%20is%20reporting%20to%20the%20proper%20Log%20Analytics%20Workspace.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E
Highlighted
New Contributor

Hello,

 

We are having an issue with ingesting any security events from workstations. We have installed the monitoring agent on both windows server OS and windows 10. All windows servers OS logs arrived in a timely manner, but none of the windows 10 machines are showing logs. Anyone have an idea?

 

Thank you for your time and helpfulness.

1 Reply
Highlighted

@Christian_Lozach

If the servers are working and not the workstations, make sure you have verified the Windows 10 workstations are configured correctly (ports, firewall, etc.), not blocked by GPO or other management mechanism, and the MMA agent is reporting to the proper Log Analytics Workspace.