Hi All,
I hope somebody can help, as I have been pulling my hair out trying to understand what is going on.
I am completely new to Syslog, and was asked to replace or log server recently.
Eagerly I setup a new Server 2008R2 VM, and installed our version of Syslog: (Version 8.3.48 - Registered but out of support)
I exported our config from the old box, imported it into the new machine and switched IPs. Straight away, logs started appearing, and I thought all would be well.
Now, the logging works, but here is where the problems occur:
We use log file rotation set to 1 day max age.
We run verious schedules which move log files to a file server. One schedule copies the locally aged logs to our file server. The other copies performance logs from another server to the file server.
We then also run a prune and clean up task on the file servers log store.
When I use a service account with domain admin membership (As well as domain user and backup operator) this all works fine. The log files are rotated, the prune tasks take place and the log files are moved. The email alerts also work for each task.
We are trying to do away with service accounts which are domain admins, so I created a service account with just Domain user and backup operator membership. I then made this account local admin on all servers it needs to carry out tasks on, and set it to have access to all the shares.
However, when using this account nothing appears to work.
Log file rotation:
The log files do not rotate. Sometimes there is a load of entries in the log saying something to the effect of "Log file rotation ignored. Registered version feature"
Schedules:
Only 1 of the schedules runs, and even this is temperamental. Some mornings it has run others it has not.
The prune tasks do not run.
It appears to just ignore the tasks.
So, I guess the question really is, what access does Kiwi Syslog require? Why does nothing appear to work when using a local admin account as opposed to a domain account.
Thanks for reading