Terminal server 2003 and Logs - Event triggers?

OK - I assume I'll need a third-party program for this, but here goes. I have a terminal server running '03 that has a public IP (I hope to change the way we have this set up). Every hour or so we get attacked by some random IP addresses from Europe or Asia. I see in my logs the audit failure along with an originating IP. This happens every few seconds for hours, or until I block the IP in my firewall.

So, since it looks like a botnet that's making the attack, is there any easy way to flag security audit failures to send me a warning, so that I can block the IP quickly?

Or, does anyone have any other suggestions on fixing this?
JamesonJendreas asked:

Justin Owens (ITIL Problem Manager) commented:
It will take third-party software to do that. I would suggest SPLUNK. It has the ability to have triggered alerts, and has the advantage of being freeware. I have used it before with great success.

DrUltima
Question has a verified solution.
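
The kind of trigger asked about above, sketched as an added example (it is not part of the original question or answer, and not how Splunk implements alerts): count audit failures per originating IP in a sliding window and flag an address once it crosses a threshold. The export format, the `find_offenders` name, the threshold and the window are assumptions; 529 is the Server 2003 event ID for a failed logon with a bad user name or password.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumptions (not from the original post): the Security log has been exported
# to "timestamp,event_id,source_ip" lines in chronological order.
FAILED_LOGON_IDS = {"529"}       # Server 2003: bad user name or password
THRESHOLD = 5                    # this many failures from one IP ...
WINDOW = timedelta(seconds=60)   # ... inside this sliding window

# Constructed sample data; the addresses are documentation-range IPs.
SAMPLE_LOG = """\
2009-03-02 14:00:01,529,203.0.113.45
2009-03-02 14:00:04,529,203.0.113.45
2009-03-02 14:00:05,528,192.0.2.10
2009-03-02 14:00:07,529,203.0.113.45
2009-03-02 14:00:10,529,203.0.113.45
2009-03-02 14:00:13,529,203.0.113.45
2009-03-02 14:00:16,529,203.0.113.45
2009-03-02 14:05:00,529,198.51.100.7
2009-03-02 14:20:00,529,198.51.100.7
not a log line
"""

def find_offenders(lines, threshold=THRESHOLD, window=WINDOW):
    """Return {source_ip: time the threshold was first crossed}."""
    recent = defaultdict(deque)   # per-IP timestamps still inside the window
    offenders = {}
    for line in lines:
        parts = [p.strip() for p in line.split(",")]
        if len(parts) != 3 or parts[1] not in FAILED_LOGON_IDS:
            continue              # malformed line, or an event we do not track
        try:
            when = datetime.strptime(parts[0], "%Y-%m-%d %H:%M:%S")
        except ValueError:
            continue              # unparseable timestamp
        ip = parts[2]
        seen = recent[ip]
        seen.append(when)
        while when - seen[0] > window:
            seen.popleft()        # drop failures that aged out of the window
        if len(seen) >= threshold and ip not in offenders:
            offenders[ip] = when  # alert once per address
    return offenders

if __name__ == "__main__":
    for ip, when in find_offenders(SAMPLE_LOG.splitlines()).items():
        print(f"ALERT {when}: {ip} reached {THRESHOLD} failed logons in {WINDOW}")
```

A user who mistypes a password twice stays under the threshold, so only the address hammering the server every few seconds is reported for blocking.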
