Solved

'Easy' way of reviewing user loggons against DC's

Posted on 2012-04-02
3
260 Views
Last Modified: 2012-04-02
We are trying to figure out a more effective way of viewing logs. Specifically at the moment we are interested in 'filtering' the events down to who logged on to the DC locally and then what active directory users logged on to their machines ( domain environment ). So far we have tried using Snare with some filtering on but still the volume of logs just seems imense. Does anyone know of any software or any other ideas on how to achieve this>?
 The idea is to have a simple log of who logged on where at what time ( and of course myabe who tried to log on but failed) .

 Any help would be greatly appreciated
0
Comment
Question by:niniantech
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 26

Accepted Solution

by:
Leon Fester earned 500 total points
ID: 37796401
The volume of transactions on your DC are directly proportionate to the number of  users, workstations and domain controllers that you have on your network.

You could consider something as simple as EventCombMT to search your event logs.
It's a manual process and depending on your environment, logs may already be overwritten by the time that you want to search for these events.
http://www.windowsitpro.com/article/log-files/take-advantage-of-the-eventcombmt-utility

Otherwise, 3rd party applications like Splunk, EIQ or Sentinel can be used to extract the logs for historical searches.
But expect to pay some $$$'s for these products
http://www.splunk.com/
http://www.eiqnetworks.com/
http://www.netiq.com/products/sentinel-log-manager/index.asp
0
 

Author Comment

by:niniantech
ID: 37796430
great, thanks for your suggestions.
0
 

Author Closing Comment

by:niniantech
ID: 37796431
thanks
0

Featured Post

PeopleSoft Has Never Been Easier

PeopleSoft Adoption Made Smooth & Simple!

On-The-Job Training Is made Intuitive & Easy With WalkMe's On-Screen Guidance Tool.  Claim Your Free WalkMe Account Now

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The HP utility "HP Lights-Out Online Configuration Utility for Windows Server 2003/2008" could be of great use when it comes to remotely configure a HP servers ILO WITHOUT rebooting the server. We would only need to create and run scripts using thi…
Numerous times I have been asked this questions that what is it that makes my machine log on so slow, there have been cases where computers took 23 minute exactly after taking password and getting to the desktop. Interesting thing was the fact th…
There's a multitude of different network monitoring solutions out there, and you're probably wondering what makes NetCrunch so special. It's completely agentless, but does let you create an agent, if you desire. It offers powerful scalability …
Michael from AdRem Software outlines event notifications and Automatic Corrective Actions in network monitoring. Automatic Corrective Actions are scripts, which can automatically run upon discovery of a certain undesirable condition in your network.…

623 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question