Dear All,
I want to create filter in syslog server to view the windows logon and logoff (event logs).
Please help me to create the filter.
Dear All,
I want to create filter in syslog server to view the windows logon and logoff (event logs).
Please help me to create the filter.
You will need to find a text string in the event logs that are sent over. Next you will set up a message text filter. Please see this link:
http://www.kiwisyslog.com/help/syslog/index.html?filters_simple.htm
Add your text to the Include box, and should only give you the event that you need.
For the Web Access you can do it easily. Filter Field select "Message Text" , IS , Like, 4624. 4624 is the event id for an "An Aacount was successfully logged on." Then do the same for 4634 "An account was logged off." That should get you started, hope it helps.
SolarWinds solutions are rooted in our deep connection to our user base in the THWACK® online community. More than 195,000 members are here to solve problems, share technology and best practices, and directly contribute to our product development process.