Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Terminal server 2003 and Logs - Event triggers?

Posted on 2011-02-22
1
Medium Priority
?
332 Views
Last Modified: 2012-05-11
OK-  I assume I'll need a third party program for this, but, here goes.  I have a terminal server running '03, that has a public IP (I hope to change the way we have this setup).  Every hour or so we get attacked by some random IP addresses from Europe or Asia.  I see in my logs the audit failure along with an originating IP.  This happens every few seconds for hours, or until I block the IP in my firewall.

So, since it looks like a bot net that's making the attack, is there any easy way to flag security audit failures to send me a warning, so that I can block the IP quickly?

Or, does anyone have any other suggestions on fixing this?
0
Comment
Question by:JamesonJendreas
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 31

Accepted Solution

by:
Justin Owens earned 2000 total points
ID: 35001597
It will take a third party software to do that.  I would suggest SPLUNK.  It has the ability to have triggered alerts, and has the advantage of being freeware.  I have used it before with great success.

DrUltima
0

Featured Post

Veeam Task Manager for Hyper-V

Task Manager for Hyper-V provides critical information that allows you to monitor Hyper-V performance by displaying real-time views of CPU and memory at the individual VM-level, so you can quickly identify which VMs are using host resources.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Many of us need to configure DHCP server(s) in their environment. We can do that simply via DHCP console on server or using MMC snap-in on each computer with Administrative Tools installed in a network. But what if we have to configure many DHCP ser…
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
In this video you will find out how to export Office 365 mailboxes using the built in eDiscovery tool. Bear in mind that although this method might be useful in some cases, using PST files as Office 365 backup is troublesome in a long run (more on t…
In this video, Percona Solution Engineer Rick Golba discuss how (and why) you implement high availability in a database environment. To discuss how Percona Consulting can help with your design and architecture needs for your database and infrastr…

721 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question