
cda query

mulhollandm
Level 1

folks

i'm hoping you can help me out with a cda query

i've set up 2 cda appliances and am in the process of pointing them at 2 ad servers but i think i've hit a problem

the setup guide for the cda requires a registry change to the ad server but we have 50+ ad servers and i'm getting resistance about making this change

in order to get all the event log info does the cda need to see every server handling logons?

if so can i ask for the logs to be written to a central server and have the cda read those logs?

this is not urgent so i'd be grateful for any opinions

thanks to anyone taking the time to reply

1 Accepted Solution

Tom Foucha
Cisco Employee

Unfortunately Microsoft did not build a method of log consolidation that would apply to the Security Event Logs. All other logs can be consolidated if you are using Active Directory Log Consolidation with the exception of the Security Events Log. If you have 50+ authentication sources then you must register each one with the CDA server in order to pick up changes to those security event logs.

If CDA only connects to the 2 AD servers mentioned above then only events from those servers will be recorded and available for discovery by the WSA.

Good luck!!!

4 Replies

Collin Clark
VIP Alumni

What registry change are you making? You should only have to do it on the two AD servers CDA will connect to, not all 50+

collin

thanks for your reply

the registry change is as per the cda install document

tommy

many thanks for your help and contribution, it's greatly appreciated

i've since logged a call with tac who tell me it should work as long as we follow exactly what the cda guide says so we'll give it a try

our server folks are shy about making registry changes to their servers so we'll test this option first

i'll update the post when/if i make some progress

thanks again