User login activity for servers
TonicXsonic
Member Posts: 2 ✭
Hi, I would like to know if there is a way to create an alert when there is a user to log in from the managed device. So far i don't see any option in the threshold setting for this.
Tagged:
0
Comments
-
I haven't tried it - but perhaps create a threshold profile and look for this event ID 4264 - The trouble is you probably want to filter it where LogonType=2 and atera does not support that.
You might be able to use a custom script instead attached to a threshold profile to achieve that, something like
taken from
Get-WinEvent -FilterHashtable $filterHt | foreach-Object { [pscustomobject]@{ ComputerName = $ComputerName UserAccount = $_.Properties.Value[5] UserDomain = $_.Properties.Value[6] LogonType = [LogonTypes]$_.Properties.Value[8] WorkstationName = $_.Properties.Value[11] SourceNetworkAddress = $_.Properties.Value[19] } } #output echo 1and then raise an alert if your script outputs a 1 or something.
Sorry I cannot give you an exact answer, but I hope that this helps.
1
Topics
- All Topics
- 60 Getting started
- 27 Read before posting
- 9 Meet and greet
- 316 General
- 73 News and announcements
- 2 Swag
- 5 Roadmap updates
- 1 Product Survey
- 94 Resources
- 17 Knowledge Base
- 18 Webinars
- 1 Shared Script Library
- 3 Blog
- 23 Pro Tips
- 30 Got an idea?
- 3 Atera Academy
- 8 ActionAI
- 5 Copilot
- 219 Remote Monitoring and Management
- 89 Remote Monitoring
- 29 Patch Management
- 118 Professional Services Automation
- 70 Helpdesk
- 18 Billing
- 24 Reporting
- 43 Integrations & add-ons
- 23 Integrations
- 11 Add-ons
- 113 Scripting and automations
- 62 Scripts
- 36 Automations