Windows Server 2012R2 running Collector agent v5.0.0247
Various Win 7 & 8 clients and Macs
Due to having a number of Macs on our domain I can't use DC agents as when users authenticate on the Macs the collector agent does not pick them up. So I need to use the second option "Check Windows Security Event logs", however when I use this option all I see is a list
However, with the second option selected I don't see any login events; instead I just see an entry in the collector log:
What happens when using the Polling Event logs with WMI option (third one)? This one is the recommended option to use.
Are there errors in the Windows Server event logs visible?
Are you sure the agent is installed with an account that has enough permissions to read the event log? Maybe try a full domain admin account as a test to ensure this is not the issue.
Also there is a newer agent available that can be used, namely v5.0.0250 (which can be found in the download map for 5.2.8).
Also there are some requirements that are not that easy to find. For example, all workstations have to be resolvable in DNS by the agent, and remote registry has to be enabled via ports 139 or 445. This only applies to Windows machines, I don't know if this works with Macs.
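The checks suggested in the replies above (event log read permission, DNS resolution of workstations, reachability of ports 139 or 445) can be run as one preflight script. This is an added PowerShell example, not part of the original thread or Fortinet's tooling; the host names are constructed placeholders, and it assumes it is run on the collector agent server under the account the agent uses.

```powershell
# Added example: preflight checks for event-log polling prerequisites.
# Host names are constructed placeholders; replace them with real ones.
param(
    [string[]]$Workstations     = @('ws01.example.local', 'ws02.example.local'),
    [string]  $DomainController = 'dc01.example.local'
)

# 1. Can the current account read the Security event log on the DC?
$canReadLog = $false
try {
    Get-WinEvent -ComputerName $DomainController -LogName Security `
                 -MaxEvents 1 -ErrorAction Stop | Out-Null
    $canReadLog = $true
} catch {
    Write-Warning "Cannot read Security log on ${DomainController}: $($_.Exception.Message)"
}

# 2. Per workstation: does the name resolve in DNS, and is TCP 139 or 445 reachable?
#    This tests port reachability only, not the Remote Registry service itself.
$results = foreach ($ws in $Workstations) {
    $resolved = $false
    try {
        Resolve-DnsName -Name $ws -ErrorAction Stop | Out-Null
        $resolved = $true
    } catch {
        Write-Warning "DNS lookup failed for ${ws}"
    }

    $open = @{}
    foreach ($port in 139, 445) {
        # Skip the connection attempt when the name does not resolve.
        $open[$port] = $resolved -and (Test-NetConnection -ComputerName $ws -Port $port `
                           -InformationLevel Quiet -WarningAction SilentlyContinue)
    }

    [pscustomobject]@{
        Workstation = $ws
        DnsResolves = $resolved
        Tcp139      = $open[139]
        Tcp445      = $open[445]
        PortsOk     = $open[139] -or $open[445]
    }
}

"Security log readable on ${DomainController}: $canReadLog"
$results | Format-Table -AutoSize
```

A workstation with `DnsResolves` or `PortsOk` set to `False` does not meet the requirements listed in the last reply.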