User login activity for servers
TonicXsonic
Member Posts: 2 ✭
Hi, I would like to know if there is a way to create an alert when there is a user to log in from the managed device. So far i don't see any option in the threshold setting for this.
Tagged:
0
Comments
-
I haven't tried it - but perhaps create a threshold profile and look for this event ID 4264 - The trouble is you probably want to filter it where LogonType=2 and atera does not support that.
You might be able to use a custom script instead attached to a threshold profile to achieve that, something like
taken from
Get-WinEvent -FilterHashtable $filterHt | foreach-Object { [pscustomobject]@{ ComputerName = $ComputerName UserAccount = $_.Properties.Value[5] UserDomain = $_.Properties.Value[6] LogonType = [LogonTypes]$_.Properties.Value[8] WorkstationName = $_.Properties.Value[11] SourceNetworkAddress = $_.Properties.Value[19] } } #output echo 1and then raise an alert if your script outputs a 1 or something.
Sorry I cannot give you an exact answer, but I hope that this helps.
1
Topics
- All Topics
- 41 Getting started
- 25 Read before posting
- 8 Meet and greet
- 237 General
- 64 News and announcements
- 1 Swag
- 1 Roadmap updates
- 79 Resources
- 12 Knowledge Base
- 16 Webinars
- 1 Shared Script Library
- 2 Blog
- 19 Pro Tips
- 27 Got an idea?
- 3 Atera Academy
- 2 ActionAI
- 1 Copilot
- 140 Remote Monitoring and Management
- 84 Remote Monitoring
- 27 Patch Management
- 105 Professional Services Automation
- 64 Helpdesk
- 17 Billing
- 21 Reporting
- 36 Integrations & add-ons
- 20 Integrations
- 10 Add-ons
- 103 Scripting and automations
- 61 Scripts
- 30 Automations