NPS Logging to SQL DB - System Events

  • Question

  • Hi,

    I've got one NPS Server configured for SQL Server Logging, prepared the table / NPS Server settings and Events are being logged to the SQL DB nicely.  

    However, it seems SQL-Logging only allows Security-NPS events to be logged to SQL.

    Meaning EventID 6278 / 6272 are being logged to the SQL DB, but anything that is not a security-NPS event, like EventID 13/18 or 4400/4406 is not being logged to the Database.

    Example for things being logged:

    EventID - Log Name - Source - Task Category - General

    6272 - Security - Microsoft Windows Security - Network Policy Server - Network Policy Server granted access to a user.

    Example for things not being logged:

    EventID - Log Name - Source - Task Category - General

    13 - System - NPS - None - A RADIUS message was received from the invalid RADIUS client IP address x.x.x.x.

    So my question is, how do I get my Source: System/NPS logs logged to the SQL DB as well?

    Regards

    Teemoe

    Wednesday, January 14, 2015 12:55 PM

Answers

  • Hi Teemoe,

    Do you mean the NPS Accounting log?

    If yes, this is not an issue. It's by design.

    NPS Accounting log will only log the Accounting information. In Log File Properties, on the Settings tab, in Log the following information, ensure that you choose to log enough information to achieve your accounting goals. For example, if your logs need to accomplish session correlation, select all check boxes.

    Best Regards.


    Steven Lee Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    • Proposed as answer by Steven_Lee0510 Tuesday, January 27, 2015 3:51 PM
    • Marked as answer by Steven_Lee0510 Thursday, January 29, 2015 3:27 PM
    Sunday, January 18, 2015 2:44 PM

All replies

  • Hi Steven,

    Thank you for your reply.

    Yes it is the NPS Accounting, configured to log to SQL.

    I did check all checkboxes to get the Accounting and Authentication requests logged to the Database.

    What I'm missing is the NPS-System events, such as EventID 13 as described above.

    Do you know if there is any way to get the NPS System logs logged to the SQL Database as well?


    Regards,

    Teemoe


    Monday, January 19, 2015 9:35 AM
  • Hi Teemoe,

    This is not an issue.

    As I have mentioned above, NPS Accounting log will only log the Accounting information. It means that only the RADIUS messages are logged.

    Therefore, we can't use NPS Accounting log to log the other events.

    Best Regards.


    Steven Lee

    Tuesday, January 27, 2015 3:51 PM
  • Hi Steven,

    Yes, I understand that this is by design; my question was if there is a way to get the Security logs logged to the same database.

    I guess I'll try to realize proper event consolidation with SCOM instead.

    Thanks for your assistance

    Teemoe

    Thursday, February 12, 2015 11:24 AM