Domain Controller security logs
Hello - I am testing out cribl stream/edge - first time user. Using version 4.1.2.
I've deployed a stream server, a single worker and a Edge node leader.
I've installed the edge node agents using the "Add/Update Edge Node" automated script.
I've done this on 5 servers in my environment to test how this would work. So far, I can see logs coming into Edge/Stream and into my siem with one exception. My domain controller is not capturing/sending any data. I have followed this:as my guide for the setup. The other 4 servers are working as expected but the domain controller is not.
I dug and found at the end of an articlewhich states to check permissions on a registry key and make sure it has read rights; I checked that and still no data. I have checked the logs found under programdata\cribl\ and nothing jumps out.
- cribl is now accounting for 40GBs of space on that dc in the span of 3 days; what is causing the folder to grow?
- what other steps are needed to get the event logs (specifically security logs) to flow? when I look at the "destination" —> cribl_tcp —> status - there is never any events in buffer, sent bytes etc