Jump to content


Photo

Custom Event ID attribute trigger


  • Please log in to reply
2 replies to this topic

#1 abteenz

abteenz

    Newbie

  • Members
  • Pip
  • 4 posts

Posted 12 October 2015 - 02:10 PM

I want to log the login attempts on file servers but it logs all the file access logon events categorized as Logon Type: 3.

I want only alert on logon type: 2

 

how this is achieved? 

 

thanks



#2 jeffb

jeffb

    Advanced Member

  • Administrators
  • PipPipPip
  • 375 posts
  • Gender:Male

Posted 13 October 2015 - 12:24 PM

abteenz,

 

You can create an exclusion filter for the network logon type.  The index would be 9 and the substring would be 3.

 

-Jeff



#3 abteenz

abteenz

    Newbie

  • Members
  • Pip
  • 4 posts

Posted 17 October 2015 - 10:04 AM

You mean something like this?

dfTbRp2.png






0 user(s) are reading this topic

0 members, guests, anonymous users