I installed a universal forwarder 6.4.1 on a Windows 2012 domain controller using a local system account. The security logs are forwarded as expected. However, the Active Directory data like object creation, modification, etc didn't get through. Uninstalled the UF and tried installing the UF using a service account (domain account). However, the UF installation fails saying " installation ended prematurely with error" . My heavy forwarders and indexer are running on Linux.
Any suggestions on how to get this going?
↧