Checks the event log for logon security events.
This event monitor scans the security event logs on remote machines. It can be configured to alert about failed login attempts. It can also be set to check for specific users and alert if specified users are found or if it finds users that are not in a list that you specify.
This event monitor provides the following options:
Use this option to get alerts if FrameFlow could not contact the selected device.
Use this option to get alerts when one or more failed login attempts are found.
Use this option to exclude events indicating the need for additional preauthentication from the failed login notification option.
Use this option to exclude login attempts where the username was correct but the password was not.
Use this option to specify users that are permitted to have a session.
Use this option to be alerted if a banned user begins a session.
This option and its related suboptions let you receive alerts if the event monitor detects one or more locked or unlocked account event since the event monitor last ran.
Here, you can specify a comma-separated list of users to check. All other users will be skipped over during checks.
Here, you can specify a comma-separated list of users to ignore.
The account used for monitoring must have admin rights.
This event monitor does not generate any data points.
To view the tutorial for this event monitor, click here.
Add a comment