I had the help of a fellow Expert with a script that sent an email to me when event ID 632 was logged into the security logs.
here is the link
I would like to do something similar to this. I would like to monitor security event 528 (when some logs in) on 4 servers(DC01, DC02, EX01 and EX02). I need it to ignore when an account called internal triggers the event 528 as its a network account that the log in script uses.
I tried editing the script myself but on my ISA server (DC02) it send me a loop of over 200 emails in less then a minute.
Thanks in advance for your help.