Windows Event Log Experts - Identifying A User Login To Windows..How?

Posted on 2007-07-31
Medium Priority
Last Modified: 2013-12-05
Hi Experts,

I have a system which analyzes the Windows event log, parses it and inserts that into a DB which I can read later on (SIM product).

I've tried looking into Windows events and analyzing which Windows events the DC generates in the case of a logon to the domain.

I'm trying to see which events I should be aware of (672, 680, etc.) when a user logs in (NTLM and Kerberos), more like which events are generated and in what form (for a false example, say event 1, then 300, then 400 will indicate a user login...). I know this is big to comprehend, so I'll make it even shorter.

I'm going to make a rule which will notify me about interactive logins at night (24:00 till morning). Which events should I catch to be sure that Joe did a login at 01:00? (Then further on I'll look at what he did on other systems.)

Question by:m0tek
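As an added illustration of the rule the question describes (not code from the poster or from any SIM product), the following Python takes parsed Security-log rows and alerts on interactive logons in a night window, pairing each one with the DC authentication event (672 Kerberos, 680 NTLM) for the same user. Assumptions: rows are dicts with the hypothetical fields shown, the night window is 00:00 to 06:00, and the interactive logon itself is event 528 with logon type 2, 10 or 11, which is written on the workstation or server the user signed in to, not on the DC, so those logs must be collected too.

```python
from datetime import datetime, time

FMT = "%Y-%m-%d %H:%M:%S"
# Night window for the rule: midnight until 06:00 (assumed; the post only says "24:00 till morning").
NIGHT_START, NIGHT_END = time(0, 0), time(6, 0)
DC_AUTH_EVENTS = {672, 680}      # 672 = Kerberos TGT granted, 680 = NTLM account logon (logged on the DC)
LOGON_EVENT = 528                # successful logon, logged on the machine the user actually signed in to
INTERACTIVE_TYPES = {2, 10, 11}  # logon types: console, Remote Desktop, cached credentials

# Constructed sample of parsed Security-log rows, as a SIM parser might store them; not real log data.
SAMPLE_EVENTS = [
    {"time": "2007-07-31 01:02:10", "event_id": 672, "user": "joe",        "host": "DC1",  "logon_type": None},
    {"time": "2007-07-31 01:02:12", "event_id": 528, "user": "joe",        "host": "WS42", "logon_type": 2},
    {"time": "2007-07-31 02:15:00", "event_id": 528, "user": "svc_backup", "host": "FS1",  "logon_type": 3},
    {"time": "2007-07-31 03:05:00", "event_id": 680, "user": "bob",        "host": "DC1",  "logon_type": None},
    {"time": "2007-07-31 03:05:01", "event_id": 528, "user": "bob",        "host": "WS09", "logon_type": 10},
    {"time": "2007-07-31 14:30:00", "event_id": 528, "user": "alice",      "host": "WS07", "logon_type": 2},
]

def is_night(timestamp):
    """True if a 'YYYY-MM-DD HH:MM:SS' timestamp falls inside the night window."""
    return NIGHT_START <= datetime.strptime(timestamp, FMT).time() < NIGHT_END

def night_interactive_logons(events, window_seconds=60):
    """Return one alert per interactive logon (528, type 2/10/11) inside the night window.

    Each alert records which DC authentication event (672 or 680) for the same user preceded
    the logon within window_seconds, or None if no DC event corroborates it.
    """
    dc_auth = [(datetime.strptime(e["time"], FMT), e) for e in events if e["event_id"] in DC_AUTH_EVENTS]
    alerts = []
    for e in events:
        if e["event_id"] != LOGON_EVENT or e["logon_type"] not in INTERACTIVE_TYPES or not is_night(e["time"]):
            continue
        ts = datetime.strptime(e["time"], FMT)
        matches = [a for a_ts, a in dc_auth
                   if a["user"].lower() == e["user"].lower() and 0 <= (ts - a_ts).total_seconds() <= window_seconds]
        alerts.append({"user": e["user"], "host": e["host"], "time": e["time"],
                       "logon_type": e["logon_type"], "dc_auth": matches[0]["event_id"] if matches else None})
    return alerts

if __name__ == "__main__":
    for a in night_interactive_logons(SAMPLE_EVENTS):
        print(f'{a["time"]} {a["user"]} logged on to {a["host"]} (type {a["logon_type"]}, DC event {a["dc_auth"]})')
```

On Windows Vista / Server 2008 and later the corresponding event IDs are 4768 (Kerberos TGT), 4776 (NTLM) and 4624 (logon), so a rule for mixed environments needs both sets.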
LVL 63

Accepted Solution

SysExpert earned 1500 total points
ID: 19601995
It sounds like you already have the information from the logs.

Just create rules for all the events, and also do some testing of your own to confirm.

I hope this helps !
