Trigger for multiple login failures from same machine?
One of the fingerprints of an across-the-LAN viral/worm attack is often many failed logins for various "guessed" usernames and/or passwords. I'd like to be able to trigger an alert (or email) to warn of the action. It's hard to keep an eye on the security log for 2-3K machines in a domain. This would put the reporting onus on the individual machines, and then a central SNMP or email receiver could handle the actual alert, allowing us to nip any problem much sooner. Does anyone have any suggestions? The event ID in question is 4625. It would be nice if the solution could work on XP/2K3/2K8/Vista/W7, but if only one, it would still be better than the current nothing that we have. Thank you!
June 10th, 2011 11:27am

"I'd like to be able to trigger an alert (or email) to warn of the action. It's hard to keep an eye on the security log for 2-3K machines in a domain."

Start by picking the free version of this program (it's developed by a dear friend of mine and I can say there's no "nasty" stuff in it): http://www.health-monitor.com/en/Home.aspx

Install the program on the boxes to be monitored, then proceed configuring the eventlog monitoring to fit your needs, and also configure the alerting so that you'll get emails in case one of the trigger conditions gets a hit (also configure how and when to send the alerts to avoid getting a flurry of messages) and let it go. Then, by the way, if you think it's what you need... have a look at the commercial version, which adds a lot of features and... btw has full support :)

Uh, and please ensure to read the documentation and to see the presentation http://www.health-monitor.com/demo/DEMO.html which IMHO explains quite well what the program can do ;-)
June 10th, 2011 11:36am

Thanks. I'll have a look at this. I don't know why I didn't get an email alert regarding the reply post but now that I've read it... I'll have a look! Cheers!
June 30th, 2011 5:39pm

You're welcome; give it a spin and then decide. As a note, since you were referring to viral infections and the like, please have a look at this program too; the idea is to install that app on a dedicated box and connect that box so that it will be able to see all your LAN<->WAN traffic. The program, once started, will constantly monitor your network traffic and check for possible "viral" signs and, in such a case, alert you and generate full reports which may/will allow you to quickly react to infections... even if there are no "signatures" for a particular type of malware. For more info, please see here and here - I think you'll see how it may help you :) HTH
July 4th, 2011 12:09pm
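
The per-machine alert asked for in the opening post can also be sketched with built-in tooling; this is an added example, not code from any poster or from the product mentioned above, and it covers only systems that log event 4625 (Vista/2008 and later). The thresholds, SMTP server and mail addresses are placeholders to replace.

```powershell
# Added example, not from the thread. Thresholds, SMTP host and addresses are placeholders.
# Needs PowerShell 3.0+ and rights to read the Security log (run elevated or as SYSTEM).
$WindowMinutes = 10
$MaxFailures   = 20   # failed logons from one source inside the window
$MinUserNames  = 5    # distinct account names tried: the "guessed usernames" pattern

$filter = @{ LogName = 'Security'; Id = 4625; StartTime = (Get-Date).AddMinutes(-$WindowMinutes) }
$events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue)

# Flatten each event's <EventData> fields into Source/User pairs
$records = foreach ($e in $events) {
    $data = @{}
    foreach ($d in ([xml]$e.ToXml()).Event.EventData.Data) {
        $data[$d.GetAttribute('Name')] = $d.InnerText
    }
    # Network logons carry IpAddress; when it is empty or '-', use WorkstationName
    $src = $data['IpAddress']
    if (-not $src -or $src -eq '-') { $src = $data['WorkstationName'] }
    [pscustomobject]@{ Source = $src; User = $data['TargetUserName'] }
}

# Count failures and distinct account names per source, keep those over both thresholds
$hits = @($records | Where-Object { $_ } | Group-Object Source | ForEach-Object {
    $names = @($_.Group | Select-Object -ExpandProperty User | Sort-Object -Unique)
    [pscustomobject]@{ Source = $_.Name; Failures = $_.Count; UserNames = $names.Count }
} | Where-Object { $_.Failures -ge $MaxFailures -and $_.UserNames -ge $MinUserNames })

if ($hits.Count -gt 0) {
    $body = $hits | Format-Table -AutoSize | Out-String
    Send-MailMessage -SmtpServer 'smtp.example.invalid' -From 'alerts@example.invalid' `
        -To 'secops@example.invalid' -Subject "Failed-logon burst on $env:COMPUTERNAME" -Body $body
}
```

Run it from a scheduled task at the same interval as `$WindowMinutes` so each window is checked once.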
