Hello,
i have managed to setup event log forwarding from a source computer (windows sbs2k11 DC) to a collector computer (domain joined Windows 7 Pro). i wanted to capture security events but these weren't appearing in forwarded events (other categories were). I came across a forum which explained that security logs requires a different type of account in order to retrieve it, which was NETWORK SERVICE. i went onto the sbs2k11 machine and added NETWORK SERVICE to the event log readers group.
i also tried to do this on a windows 8 and windows 2008 server machine but when i try to add users to event log readers group, the object type 'builtin principles' is not available and i cant seem to select NETWORK SERVICE. there doesnt appear to be much on this on the net.
my objective is to have a central workstation which has 4 RDS servers forwarding security events to it but i cant seem to get this to work on the above setup.
cheers.