User login activity for servers
Options
TonicXsonic
Member Posts: 2 ✭
Hi, I would like to know if there is a way to create an alert when there is a user to log in from the managed device. So far i don't see any option in the threshold setting for this.
Tagged:
0
Comments
-
I haven't tried it - but perhaps create a threshold profile and look for this event ID 4264 - The trouble is you probably want to filter it where LogonType=2 and atera does not support that.
You might be able to use a custom script instead attached to a threshold profile to achieve that, something like
taken from
Get-WinEvent -FilterHashtable $filterHt | foreach-Object { [pscustomobject]@{ ComputerName = $ComputerName UserAccount = $_.Properties.Value[5] UserDomain = $_.Properties.Value[6] LogonType = [LogonTypes]$_.Properties.Value[8] WorkstationName = $_.Properties.Value[11] SourceNetworkAddress = $_.Properties.Value[19] } } #output echo 1and then raise an alert if your script outputs a 1 or something.
Sorry I cannot give you an exact answer, but I hope that this helps.
1
Topics
- All Topics
- 31 Getting started
- 20 Read before posting
- 7 Meet and greet
- 156 General
- 42 News and announcements
- 40 Resources
- 7 Knowledge Base
- 7 Webinars
- 1 Shared Script Library
- Blog
- 4 Pro Tips
- 21 Got an idea?
- 93 Remote Monitoring and Management
- 67 Remote Monitoring
- 18 Patch Management
- 64 Professional Services Automation
- 42 Helpdesk
- 7 Billing
- 14 Reporting
- 25 Integrations & add-ons
- 16 Integrations
- 6 Add-ons
- 69 Scripting and automations
- 43 Scripts
- 22 Automations