0 Replies Latest reply on Aug 21, 2019 10:13 AM by solarjuang

    Use Log Analyzer to log user Log on sessions in LA 2.1


      Hi all, I'm trying to create rules to log all of the users' log on events from all Windows servers that I'm currently monitoring, but I want to exclude all of the rest, such as log offs, all service accounts, and certain Windows event IDs, but for some reason some of the rules are not applying.


      I created one rule to track and tag all of the log ons and that one is working fine, but when I create a new rule to exclude, say, a specific user account, it does not work. I'm doing these rules under the Windows Events Log Processing Configuration.


      Is there a specific order in which the rules must be applied, or am I doing something wrong by creating a rule for every single thing I want to exclude?


      For example, one rule states:


      All source computers

      Log Entries


      EventID Is Equal To 4634 (Log Off event ID in Windows)




      Discard message


      That's my rule and I make it live.


      I have other rules like this and some work but some don't.


      Any help will be greatly appreciated.