Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Terminal server 2003 and Logs - Event triggers?

Posted on 2011-02-22
1
Medium Priority
?
334 Views
Last Modified: 2012-05-11
OK-  I assume I'll need a third party program for this, but, here goes.  I have a terminal server running '03, that has a public IP (I hope to change the way we have this setup).  Every hour or so we get attacked by some random IP addresses from Europe or Asia.  I see in my logs the audit failure along with an originating IP.  This happens every few seconds for hours, or until I block the IP in my firewall.

So, since it looks like a bot net that's making the attack, is there any easy way to flag security audit failures to send me a warning, so that I can block the IP quickly?

Or, does anyone have any other suggestions on fixing this?
0
Comment
Question by:JamesonJendreas
1 Comment
 
LVL 31

Accepted Solution

by:
Justin Owens earned 2000 total points
ID: 35001597
It will take a third party software to do that.  I would suggest SPLUNK.  It has the ability to have triggered alerts, and has the advantage of being freeware.  I have used it before with great success.

DrUltima
0

Featured Post

Get your Disaster Recovery as a Service basics

Disaster Recovery as a Service is one go-to solution that revolutionizes DR planning. Implementing DRaaS could be an efficient process, easily accessible to non-DR experts. Learn about monitoring, testing, executing failovers and failbacks to ensure a "healthy" DR environment.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

So you have two Windows Servers and you have a directory/folder/files on one that you'd like to mirror to the other?  You don't really want to deal with DFS or a 3rd party solution like Doubletake. You can use Robocopy from the Windows Server 200…
I guess it is not common knowledge to most Wintel engineers/administrators: If you have an SNMP-based monitoring system in your environment (and it's common to have SNMP or Syslog) it's reasonably easy to enable monitoring of the Windows Event logs,…
Is your data getting by on basic protection measures? In today’s climate of debilitating malware and ransomware—like WannaCry—that may not be enough. You need to establish more than basics, like a recovery plan that protects both data and endpoints.…
Loops Section Overview

926 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question