Solved

'Easy' way of reviewing user loggons against DC's

Posted on 2012-04-02
3
252 Views
Last Modified: 2012-04-02
We are trying to figure out a more effective way of viewing logs. Specifically at the moment we are interested in 'filtering' the events down to who logged on to the DC locally and then what active directory users logged on to their machines ( domain environment ). So far we have tried using Snare with some filtering on but still the volume of logs just seems imense. Does anyone know of any software or any other ideas on how to achieve this>?
 The idea is to have a simple log of who logged on where at what time ( and of course myabe who tried to log on but failed) .

 Any help would be greatly appreciated
0
Comment
Question by:niniantech
  • 2
3 Comments
 
LVL 26

Accepted Solution

by:
Leon Fester earned 500 total points
ID: 37796401
The volume of transactions on your DC are directly proportionate to the number of  users, workstations and domain controllers that you have on your network.

You could consider something as simple as EventCombMT to search your event logs.
It's a manual process and depending on your environment, logs may already be overwritten by the time that you want to search for these events.
http://www.windowsitpro.com/article/log-files/take-advantage-of-the-eventcombmt-utility

Otherwise, 3rd party applications like Splunk, EIQ or Sentinel can be used to extract the logs for historical searches.
But expect to pay some $$$'s for these products
http://www.splunk.com/
http://www.eiqnetworks.com/
http://www.netiq.com/products/sentinel-log-manager/index.asp
0
 

Author Comment

by:niniantech
ID: 37796430
great, thanks for your suggestions.
0
 

Author Closing Comment

by:niniantech
ID: 37796431
thanks
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Organizations create, modify, and maintain huge amounts of data to help their businesses earn money and generally function.  Typically every network user within an organization has a bit of disk space to store in process items and personal files.   …
On July 14th 2015, Windows Server 2003 will become End of Support, leaving hundreds of thousands of servers around the world that still run this 12 year old operating system vulnerable and potentially out of compliance in many organisations around t…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…

813 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now