|
I have PA Server Monitor 6.2.0.221 and would like to create an Event Monitor on our Domain Controller that will monitor the security log for a specific account logon ( account is member of Domain Admins) I have set the event monitor for Microsoft_Windows_Security_Auditing for Event ID 4672 and "usersname" then write to a text file. This text file is huge and I need to be able to limit contents. Is there an Event ID or Logon Type I can add that will just let me know when this user logs on to any Server in our domain? Thanks for any assistance! |
|
Hi techgal64, There are many different event ids that you can monitor for. Here is a link to a Microsoft page that talks about some of them and a link to our documentaion on how to filter for them. Hope this helps. Description of security events in Windows Vista and in Windows Server 2008 How to Audit Windows Logons and Logon Failures Thanks Please make sure to mark your questions accepted when you have your answer by clicking the gray check mark to the left of the answer. |
