Forum Discussion

6 years ago

Monitoring Logoff/Logon Events for Anomalies

Background - We have a fairly large citrix environment(70 customers, 1200 users). Each customer has 1 or more xenapp servers depending on how many users. The environment is setup in a manner that o...

Cole_McDonald

6 years ago

Sure... I'm using this as a datasource targeting isWindows() called "Active Directory Failed Login Count"

try {
    $events = Get-WinEvent                  `
        -ComputerName    ##system.sysname## `
        -ErrorAction     SilentlyContinue   `
        -FilterHashtable @{
            LogName   = "Security"
            Id        = 4625
            StartTime = (get-date).AddMinutes(-5)
        }                                  `
        | where Message -Match "0xC000006D"
} catch {
        $events = @()
}

"$($events.count)"

No warranty for the code, use at your own risk. Please note the use of backtick line continuation for readbility.

Eric_Egolf

6 years ago

Perfect thanks Cole. This worked very well for me. The only comment is that I had to find the location of the applications and services logs. I found this article that helped.

Forum Discussion

Monitoring Logoff/Logon Events for Anomalies

Related Content

When an anomaly isn't an anomaly what could i do?

Process Monitoring

Meraki monitoring within Logic Monitor

Process monitoring (Linux)

Aruba Central Monitoring?

Recent Discussions

Dashboard Sharing – An Inline Framing Method

2021-12-15 US Office Hours

Live Training - Tuning Datapoints and Alerts - 15th JUNE 2022 - APAC

Live Training - Introduction to Dashboards - 18th MAY 2022 - APAC

2022-05-11- APAC Product Overview -Collectors, Resources/Groups, Dashboards