Solved

Terminal server 2003 and Logs - Event triggers?

Posted on 2011-02-22
1
326 Views
Last Modified: 2012-05-11
OK-  I assume I'll need a third party program for this, but, here goes.  I have a terminal server running '03, that has a public IP (I hope to change the way we have this setup).  Every hour or so we get attacked by some random IP addresses from Europe or Asia.  I see in my logs the audit failure along with an originating IP.  This happens every few seconds for hours, or until I block the IP in my firewall.

So, since it looks like a bot net that's making the attack, is there any easy way to flag security audit failures to send me a warning, so that I can block the IP quickly?

Or, does anyone have any other suggestions on fixing this?
0
Comment
Question by:JamesonJendreas
1 Comment
 
LVL 31

Accepted Solution

by:
Justin Owens earned 500 total points
ID: 35001597
It will take a third party software to do that.  I would suggest SPLUNK.  It has the ability to have triggered alerts, and has the advantage of being freeware.  I have used it before with great success.

DrUltima
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
VM server storage space expansion to improve the Server performance. 2 98
Auto-Enrollment Group Policy 2 59
DHCP server 6 63
windows Server 2003 in 2017 10 67
On July 14th 2015, Windows Server 2003 will become End of Support, leaving hundreds of thousands of servers around the world that still run this 12 year old operating system vulnerable and potentially out of compliance in many organisations around t…
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…

685 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question