Auditing computer activity



#1 alfa21


Posted 08 January 2018 - 03:52 PM

Hi,

We have configured AD logon activity, but it doesn't seem to be that accurate, at least on our system. It is not showing all logon activity coming from computers. I know some auditing solutions have the option to configure auditing directly on the computers, so one can know who logs in locally, remotely, or even unlocks the computer. I cannot find this option in Netwrix.

How does Netwrix collect this information: only from the DC, or from computers as well? Is there any more detailed documentation on this?

Regards,

 



#2 Yan Skursky


Posted 10 January 2018 - 11:03 AM

That depends. AD logon activity collects information from the DC. But you are welcome to add Windows computers as monitored systems to add logon activity from local logs.

 

[Screenshots: v9M6OVS.png, tnwCdE6.png]



#3 Jadentek


Posted 10 January 2018 - 07:21 PM

AD Logon Activity Auditing will only report on Domain Authentication.

The Event Log Manager (ELM) can be used, as Yan Skursky noted; however, this is not a Windows Server collection.

ELM can be set to collect from every Windows system in the environment.

KB1904 Audit logon events: https://www.netwrix.com/kb/1904

These canned filters do not include event 4801 (The workstation was unlocked):
https://www.ultimate...px?eventid=4801
A new filter will be needed for these, and since they are not part of the ELM logon reports, the All Events by User will need to be used.

[Screenshot: XaiFqwh.png]

To add another filter, there is an example in KB1568, How to configure real-time alert for specific events? https://www.netwrix.com/kb/1568
**Just follow these under the inclusive filter part**

ELM Settings: [screenshots: AP7Krph.png, TqaM38W.png]
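Before adding workstations to a collector, it helps to confirm that each one is actually writing the local logon, remote logon and lock/unlock events discussed in this thread. The following is an added example, not part of any post above and not Netwrix code; the function name `Get-WorkstationLogonActivity` is hypothetical, and it assumes an elevated session with success auditing enabled for the "Logon" and "Other Logon/Logoff Events" subcategories (Windows does not write 4800/4801 without the latter).

```powershell
# Added example (not from the thread). Run elevated on the workstation being checked.
# Assumption: "Audit Logon" and "Audit Other Logon/Logoff Events" success auditing are on.

# 4624 logon types that answer "who logged in locally, remotely, or unlocked"
$LogonTypes = @{
    '2'  = 'Local interactive logon'
    '7'  = 'Unlock (re-authentication)'
    '10' = 'Remote interactive logon (RDP)'
    '11' = 'Cached interactive logon'
}

function Get-WorkstationLogonActivity {
    param(
        [datetime]$Since = (Get-Date).AddDays(-1)
    )
    $filter = @{ LogName = 'Security'; Id = 4624, 4800, 4801; StartTime = $Since }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        ForEach-Object {
            $evt = $_   # keep a stable reference; switch rebinds $_

            # Flatten <EventData><Data Name="..."> into a hashtable
            $data = @{}
            foreach ($d in ([xml]$evt.ToXml()).Event.EventData.Data) {
                $data[$d.Name] = $d.'#text'
            }

            $activity = switch ($evt.Id) {
                4800 { 'Workstation locked' }
                4801 { 'Workstation unlocked' }
                4624 { $LogonTypes[[string]$data['LogonType']] }  # $null for network, service, batch
            }
            if (-not $activity) { return }   # skip non-interactive 4624 events

            [pscustomobject]@{
                Time     = $evt.TimeCreated
                Computer = $evt.MachineName
                EventId  = $evt.Id
                Activity = $activity
                User     = '{0}\{1}' -f $data['TargetDomainName'], $data['TargetUserName']
                SourceIp = $data['IpAddress']   # empty for 4800/4801
            }
        }
}

Get-WorkstationLogonActivity | Sort-Object Time | Format-Table -AutoSize
```

If the output shows 4624 rows but never 4800/4801 after a lock and unlock, the audit subcategory is not enabled on that machine, and a collector filter for 4801 will have nothing to match.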





