<div>
<div class="content wysiwyg-content">
Currently monitoring forwarded event logs from a domain controller (Running Windows 2008 R2). Trying to use an IT monitoring application called SPLUNK (<a href="http://www.splunk.com" rel="ugc">www.splunk.com</a>) to do so. Specifically focused on monitoring logon events.Would like to be able to sort logon events by account_name and workstation_name fields.<br />
<br />
The issue: When searching through the domian controller's event logs and filtering for logon events, the program is failing to define a workstation name. It often can define an account name, but the problem is that we aren't able to correlate which account name is logging into which workstation name.<br />
<br />
Question: Why are most of the &quot;4624&quot; logon events ANONYMOUS LOGON's ? Is there a way to extract these desired fields out of the logs with SPLUNK, or is the data just withheld on the the Windows event logs? If so, how do we make so these fields are not hidden on these logs?<br />
<br />
Thanks
</div>
</div>


Currently monitoring forwarded event logs from a domain controller (Running Windows 2008 R2). Trying to use an IT monitoring application called SPLUNK (www.splunk.com) to do so. Specifically focused on monitoring logon events.Would like to be able to sort logon events by account_name and workstation_name fields.

The issue: When searching through the domian controller's event logs and filtering for logon events, the program is failing to define a workstation name. It often can define an account name, but the problem is that we aren't able to correlate which account name is logging into which workstation name.

Question: Why are most of the "4624" logon events ANONYMOUS LOGON's ? Is there a way to extract these desired fields out of the logs with SPLUNK, or is the data just withheld on the the Windows event logs? If so, how do we make so these fields are not hidden on these logs?

Thanks

Logon Event Monitoring: Workstation_Name Field Blank?

Network analysis is the process of identifying and remediating the processes and systems within a network, including performance, connectivity and security. The process is performed through the use of tools developed for monitoring and analyzing network activity. Network problems that involve finding an optimal way of doing something are studied under the name combinatorial optimization. Examples include network flow, shortest path problem, transport problem, transshipment problem, location problem, matching problem, assignment problem, packing problem, routing problem, Critical Path Analysis and PERT (Program Evaluation & Review Technique).

Network Analysis

The Microsoft Legacy Operating System topic includes legacy versions of Microsoft operating systems prior to Windows 2000: All versions of MS-DOS and other versions developed for specific manufacturers and Windows 3/3.1, Windows 95 and Windows 98, plus any other Windows-related versions, and Windows Mobile.

Microsoft Legacy OS

IT Administration is the processes and best practices for programming and development, and incorporates methodologies for managing activities and projects. Common methodologies include waterfall, prototyping, iterative and incremental development, spiral development, rapid application development, extreme programming and various types of agile methodology. The life-cycle "model" is a more general term for a category of methodologies, and a software development "process" a more specific term to refer to a specific process chosen by a specific organization.