Eugen 2006-07-21 22:09:19
I want to monitor Failed Logons. I’ve made an Event Rule with
provider: "Security" and the rule is looking for EventId 529. But I don’t
receive any alert in the MOM Console even though I made some failed logon attempts.
Ryan brennanvv 2006-07-21 22:09:48
Are you logging those events? You need to make sure you have Audit Logon
Events turned on for both your DCs and member server. Is this turned on for
both Group Policies?
Eugen 2006-07-21 22:10:20
I saw these events in the Security Log on all servers… and I have a lot of
servers, so I need something to show alerts when these security events occur.
Ryan brennanvv 2006-07-21 22:10:43
As long as you have the rule set up correctly and the rule groups associated
with the right computers, it should start collecting. Strange, can you give me
details on the rules you have set up?
I am not sure how comprehensive a compliance solution you are looking
for, but http://www.securevantage.com has a complete MP for security
auditing and reporting for compliance. You can download the free trial and be up
and running shortly for all your needs and much more.
Pete zerger 2006-07-21 22:11:02
Robert Smit put a homegrown base Security MP together that may offer some
helpful examples for you.
There’s a link to the download here: http://www.momresources.org/downloads-managementpacks.shtml
…or find me in the forums at http://momcommunity.com
E> I saw these events in the Security Log on all servers… and I have a lot
E> of servers, so I need something to show alerts when these security
E> events occur.