
Windows Event Log Experts - Identifying A User Login To Windows..How?

m0tek asked on
Windows Server 2003, Microsoft Server OS
Hi Experts,

I have a system which analyzes the Windows event log, parses it and inserts that into a DB which I can read later on (SIM product).

I've tried looking into Windows events and analyzing which Windows events the DC generates in the case of a logon to the domain.

I'm trying to see which events I should be aware of (672, 680, etc.) when a user logs in (NTLM and Kerb), more like which events are generated and in what form (for a false example, say event 1, then 300, then 400 will indicate a user login...). I know this is big to comprehend, so I'll make it even shorter.

I'm gonna make a rule that will notify me about interactive logins at night (24:00 till morning). Which events should I catch and be sure that Joe did a login at 01:00 (then further on I'll look at what he did on other systems)?
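
A sketch of the night-time interactive-logon rule asked about above, as an added example that is not part of the original post or of any answer to it. It assumes (this is not stated on the page) that Windows Server 2003 records successful logons as Security event 528 with Logon Type 2 or 10 for interactive sessions; the record layout, host and user names, and the 00:00-06:00 window are constructed for illustration.

```python
from datetime import datetime, time

# Assumptions (not from the post): on Windows Server 2003, Security event 528 is a
# successful logon whose Logon Type is 2 for interactive (console) and 10 for
# RemoteInteractive (Terminal Services). 528 is written on the machine logged on
# to; the DC's 672 (Kerberos) and 680 (NTLM) events carry no logon type.
LOGON_SUCCESS = 528
INTERACTIVE_TYPES = {2, 10}
NIGHT_START, NIGHT_END = time(0, 0), time(6, 0)  # assumed meaning of "night"

# Constructed sample rows, shaped like what a log parser might store in the DB.
SAMPLE_EVENTS = [
    {"time": "2010-03-02 01:00:11", "host": "DC01", "event_id": 672, "logon_type": None, "user": "joe"},
    {"time": "2010-03-02 01:00:12", "host": "WS-017", "event_id": 528, "logon_type": 2, "user": "CORP\\joe"},
    {"time": "2010-03-02 02:15:40", "host": "FS01", "event_id": 540, "logon_type": 3, "user": "CORP\\joe"},
    {"time": "2010-03-02 02:20:00", "host": "FS01", "event_id": 528, "logon_type": 5, "user": "CORP\\svc_backup"},
    {"time": "2010-03-02 03:30:05", "host": "TS01", "event_id": 528, "logon_type": 10, "user": "CORP\\ann"},
    {"time": "2010-03-02 06:00:00", "host": "WS-020", "event_id": 528, "logon_type": 2, "user": "CORP\\bob"},
    {"time": "2010-03-02 09:05:00", "host": "WS-017", "event_id": 528, "logon_type": 2, "user": "CORP\\joe"},
]


def in_window(ts, start=NIGHT_START, end=NIGHT_END):
    """True if ts falls in [start, end); also handles windows that wrap midnight."""
    t = ts.time()
    if start <= end:
        return start <= t < end
    return t >= start or t < end  # e.g. 22:00-06:00


def night_interactive_logons(events, start=NIGHT_START, end=NIGHT_END):
    """Return (time, user, host, logon_type) for interactive logons in the window."""
    hits = []
    for ev in events:
        if ev.get("event_id") != LOGON_SUCCESS:
            continue  # 672/680/540 alone do not prove an interactive logon
        if ev.get("logon_type") not in INTERACTIVE_TYPES:
            continue  # skip network (3), batch (4), service (5), ...
        ts = datetime.strptime(ev["time"], "%Y-%m-%d %H:%M:%S")
        if in_window(ts, start, end):
            hits.append((ts, ev["user"], ev["host"], ev["logon_type"]))
    return sorted(hits)


if __name__ == "__main__":
    for ts, user, host, ltype in night_interactive_logons(SAMPLE_EVENTS):
        print(f"{ts} interactive logon (type {ltype}) by {user} on {host}")
```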
