Solved

Terminal server 2003 and Logs - Event triggers?

Posted on 2011-02-22
1
329 Views
Last Modified: 2012-05-11
OK-  I assume I'll need a third party program for this, but, here goes.  I have a terminal server running '03, that has a public IP (I hope to change the way we have this setup).  Every hour or so we get attacked by some random IP addresses from Europe or Asia.  I see in my logs the audit failure along with an originating IP.  This happens every few seconds for hours, or until I block the IP in my firewall.

So, since it looks like a bot net that's making the attack, is there any easy way to flag security audit failures to send me a warning, so that I can block the IP quickly?

Or, does anyone have any other suggestions on fixing this?
0
Comment
Question by:JamesonJendreas
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 31

Accepted Solution

by:
Justin Owens earned 500 total points
ID: 35001597
It will take a third party software to do that.  I would suggest SPLUNK.  It has the ability to have triggered alerts, and has the advantage of being freeware.  I have used it before with great success.

DrUltima
0

Featured Post

NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I guess it is not common knowledge to most Wintel engineers/administrators: If you have an SNMP-based monitoring system in your environment (and it's common to have SNMP or Syslog) it's reasonably easy to enable monitoring of the Windows Event logs,…
A quick step-by-step overview of installing and configuring Carbonite Server Backup.
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Add bar graphs to Access queries using Unicode block characters. Graphs appear on every record in the color you want. Give life to numbers. Hopes this gives you ideas on visualizing your data in new ways ~ Create a calculated field in a query: …

617 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question