We have an intruder that is accessing our win2k3 terminal server. I have changed the passwords so he/she can no longer get in, but the lawyers want to track any future attempts. Is there a way to log access on port 3389 on a pix 501? They want to capture: computer name, ip address and time that the pix was accessed even though the win2k3 server will now reject their login attempt. We do have legitimate users accessing the server using remote desktop on port 3389 so I will have to weed those out.