User login activity for servers
TonicXsonic
Member Posts: 2 ✭
Hi, I would like to know if there is a way to create an alert when there is a user to log in from the managed device. So far i don't see any option in the threshold setting for this.
Tagged:
0
Comments
-
I haven't tried it - but perhaps create a threshold profile and look for this event ID 4264 - The trouble is you probably want to filter it where LogonType=2 and atera does not support that.
You might be able to use a custom script instead attached to a threshold profile to achieve that, something like
taken from
Get-WinEvent -FilterHashtable $filterHt | foreach-Object { [pscustomobject]@{ ComputerName = $ComputerName UserAccount = $_.Properties.Value[5] UserDomain = $_.Properties.Value[6] LogonType = [LogonTypes]$_.Properties.Value[8] WorkstationName = $_.Properties.Value[11] SourceNetworkAddress = $_.Properties.Value[19] } } #output echo 1and then raise an alert if your script outputs a 1 or something.
Sorry I cannot give you an exact answer, but I hope that this helps.
1
Topics
- All Topics
- 42 Getting started
- 26 Read before posting
- 8 Meet and greet
- 257 General
- 71 News and announcements
- 2 Swag
- 1 Roadmap updates
- 83 Resources
- 12 Knowledge Base
- 17 Webinars
- 1 Shared Script Library
- 2 Blog
- 21 Pro Tips
- 28 Got an idea?
- 3 Atera Academy
- 2 ActionAI
- 1 Copilot
- 142 Remote Monitoring and Management
- 85 Remote Monitoring
- 28 Patch Management
- 107 Professional Services Automation
- 65 Helpdesk
- 17 Billing
- 22 Reporting
- 41 Integrations & add-ons
- 22 Integrations
- 11 Add-ons
- 108 Scripting and automations
- 62 Scripts
- 32 Automations