Submit a ticketCall us

Systems Monitoring for Dummies
Our new eBook will teach you the fundamentals and help you create monitors and alerts that are effective, meaningful, and actionable. Monitoring is more than a checkbox on your to-do list. This free eBook will give you practical advice to help you succeed in all aspects of monitoring – discovery, alerting, remediation, and troubleshooting. Don’t miss out on this indispensable resource for newbies, experienced IT pros, and everyone in between. Register Now.

Home > Success Center > Log & Event Manager (LEM) > Vista Alert detected with NT Security Connector

Vista Alert detected with NT Security Connector

Created by Randall Harwood, last modified by Tim Rush on Sep 26, 2017

Views: 92 Votes: 1 Revisions: 6

Overview

The wrong connector is being used to read the Windows security event log, and LEM is not saving the Windows security events to the database.
This article provides brief information and steps to resolve the issue when the LEM GUI-console displays "Vista Alerts are detected with NT Security Connector" alerts under Monitor tab > 'Internal Events'.

Environment

All LEM versions 

Cause

The issue is caused when the Agent is installed on Windows Vista and newer computers, and the incorrect 'older' Security Event log connector is selected (only used for Windows 2000, XP, 2003).
This could also happen if configuring a Connector Profile (under Build > Groups), and selecting the incorrect connector for the security event log. All computers listed under the profile would be affected, and produce the error.
LEM connector name for newer Windows operating systems is "Vista Security".

Resolution

1. Identify the Detection Ip of the Machine that is providing the alert.

2. Go to Manage > Nodes.

3. Select the Gear to the LEFT of the target Machine.

4. After selecting the Gear, choose Connectors.

5. Select the configured box. You should see the Windows NT/2000/XP Security Log connector running.
     (or uncheck 'configured', then search for 'security log'. "Vista Security" is used for Windows 7/8/10/2008/2012/2016, and "Windows NT/2000/XP Security Log" is used for 2000/XP/2003.)

6. Stop the Connector.

7. Delete the Connector.

8. Uncheck Configured.

9. Search for Windows 7/2008/Vista Security Log.

10. Select the gear next to the Windows 7/2008/Vista Security Log.

11. Choose New.

12. Start the Windows 7/2008/Vista Security Log connector.

 

You should no longer see Vista Alert Detected with NT Security Connector alerts under LEM Internal Events.

 

 

 

Last modified

Tags

Classifications

Public