User login activity for servers
TonicXsonic
Member Posts: 2 ✭
Hi, I would like to know if there is a way to create an alert when there is a user to log in from the managed device. So far i don't see any option in the threshold setting for this.
Tagged:
0
Comments
-
I haven't tried it - but perhaps create a threshold profile and look for this event ID 4264 - The trouble is you probably want to filter it where LogonType=2 and atera does not support that.
You might be able to use a custom script instead attached to a threshold profile to achieve that, something like
taken from
Get-WinEvent -FilterHashtable $filterHt | foreach-Object { [pscustomobject]@{ ComputerName = $ComputerName UserAccount = $_.Properties.Value[5] UserDomain = $_.Properties.Value[6] LogonType = [LogonTypes]$_.Properties.Value[8] WorkstationName = $_.Properties.Value[11] SourceNetworkAddress = $_.Properties.Value[19] } } #output echo 1and then raise an alert if your script outputs a 1 or something.
Sorry I cannot give you an exact answer, but I hope that this helps.
1
Topics
- All Topics
- 43 Getting started
- 26 Read before posting
- 9 Meet and greet
- 273 General
- 74 News and announcements
- 2 Swag
- 3 Roadmap updates
- 1 Product Survey
- 90 Resources
- 15 Knowledge Base
- 18 Webinars
- 1 Shared Script Library
- 2 Blog
- 22 Pro Tips
- 30 Got an idea?
- 3 Atera Academy
- 3 ActionAI
- 1 Copilot
- 146 Remote Monitoring and Management
- 85 Remote Monitoring
- 29 Patch Management
- 113 Professional Services Automation
- 67 Helpdesk
- 17 Billing
- 24 Reporting
- 43 Integrations & add-ons
- 23 Integrations
- 11 Add-ons
- 109 Scripting and automations
- 62 Scripts
- 32 Automations