If we say Solarwinds is installed on Windows products, your Active Directory / RADIUS logs should show attempts, successes, and failures.  I like having that information there because it gives our I.T. Security and Help Desk teams the ability to control & audit access without them having to manage yet another system (Orion servers).

Have you confirmed the desired records are showing up on your Windows server's logs, and in Security's records that are regularly audited by your Security Team?

I wouldn't put SOLE logging into Solarwinds, but I can see it would be interesting to have the records available.

You are correct that we are obtaining windows security events for those accounts which are AD integrated.

However the local admin account (s) or other user accounts (in the case where we have to create because SW does not support multiple Domains) could be subject to abuse without any records of logging.

We would see that we would incorporate the additional application audit logging into our SIEM solution.

Miron

This would be a very desirable function.

Some customers have a requirement for specific audit logs and failed attempts is always included in such requirements.

I also have customers with multiple domains and they need to use only local accounts.

Is this still accurate information? It's incredible to me that failed authentication attempts are not logged. My company has a regulatory requirement to alert for failed authentication attempts. If it's true that this is not logged, then we are going to have to document this fact and do a bunch of paperwork every 90 days.