cancel
Showing results for 
Search instead for 
Did you mean: 
Create Post

Audit Log should show failed login attempts

Audit Log should show failed login attempts

Hi,


Currently the audit log does not log failed login attempts not does it display connection attempts via the API.

Please raise this as a feature request.

M

5 Comments

If we say Solarwinds is installed on Windows products, your Active Directory / RADIUS logs should show attempts, successes, and failures.  I like having that information there because it gives our I.T. Security and Help Desk teams the ability to control & audit access without them having to manage yet another system (Orion servers).

Have you confirmed the desired records are showing up on your Windows server's logs, and in Security's records that are regularly audited by your Security Team?

I wouldn't put SOLE logging into Solarwinds, but I can see it would be interesting to have the records available.

Level 10

You are correct that we are obtaining windows security events for those accounts which are AD integrated.

However the local admin account (s) or other user accounts (in the case where we have to create because SW does not support multiple Domains) could be subject to abuse without any records of logging.

We would see that we would incorporate the additional application audit logging into our SIEM solution.

Miron

This would be a very desirable function.

Some customers have a requirement for specific audit logs and failed attempts is always included in such requirements.

I also have customers with multiple domains and they need to use only local accounts.

Is this still accurate information? It's incredible to me that failed authentication attempts are not logged. My company has a regulatory requirement to alert for failed authentication attempts. If it's true that this is not logged, then we are going to have to document this fact and do a bunch of paperwork every 90 days.

Community Manager
Community Manager
Status changed to: Open for Voting