1 Reply Latest reply on Feb 10, 2014 5:55 PM by nicole pauls

    LEM LDAP Authentication logs

    freewill

      Hi,

       

      We use AD (2012) to get authentication for Radius (VPN), web applications as well as Ubuntu machines also use AD (via Centrify) to login.  My question is :

       

      how to get login//authentication logs of such LDAP authentication ?

       

      Do I need to configure special connector or it is  already captured through windows connectors. If Yes, how to see them

       

      Thanks

        • Re: LEM LDAP Authentication logs
          nicole pauls

          If everyone is using Active Directory, all of the authentication activity should also be logged in AD. You'll need to monitor the Windows Security Logs on all Domain Controllers in your Active Directory domain. There's no guarantee which one will service the logon, so you have to audit all of them.

           

          By default, when you install the LEM agent, it will enable connectors for the traditional Windows Application, Security, and System Logs. You also need to make sure you have an audit policy set up to audit logon activity, and the event logs are set to overwrite as needed so they don't fill and stop logging.