Ad Widget

Collapse

Windows Event Log Monitoring Quesiton

Collapse
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • niceguy167
    Junior Member
    • Aug 2012
    • 3
    #1

    Windows Event Log Monitoring Quesiton

    I am trying to configure the event log monitoring to log if there is an administrator that gets logged in.
    eventlog[Security,,"Success Audit",,528|680]
    I have this set which works however it loggs all logins
    I am wondering how i could configure it so that it would just log user Adminstrator so i could know if the admin account is being used?
    Also what would the trigger be?
    Thanks
    Steven
    Tags: None
    • imransafi
      Junior Member
      • Aug 2012
      • 24
      #2
      NiceGUy

      Hi,

      I have got an idea but not practice yet try to use administrator ID in
      eventlog[Security,,"Success Audit",,528|680] It might work.

      cheers,

        Comment

        • niceguy167
          Junior Member
          • Aug 2012
          • 3
          #3
          can you give an example of the administrator ID
          are you taling the actual name like administrator or a ID from the event log?
          Thanks again for your help

            Comment

            • imransafi
              Junior Member
              • Aug 2012
              • 24
              #4
              Niceguy

              I meant if you can find Builten users like Administrator ID if possible I am just giving you idea

                Comment

                Previous template Next
                Working...