Is there a way to generate a system alert on a windows 2003 server whenever there is an ANONYMOUS LOGON event in the event viewer?
Asked
Active
Viewed 432 times
4 Answers
1
In other words, yes you can do this but not out of the box. As mh stated your best bet is to script this, or use a tool for monitoring event logs. There are a number of ways to do what you want.
Mojeska
- 166
- 4
1
My answer here will probably do what you're looking for with a bit of modification.
Basically, you can install a script, running as a service, to receive notification when new events are posted to the event log and act upon those events.
My script in that answer can be used to monitor events matching a combination of : event log (Application, Security, System, etc), event ID, category, type, user, and a regexp match on the event message. The script, as written there, sends emails. You could easily plumb it to do something else.
Evan Anderson
- 141,071
- 19
- 191
- 328
0
It depends on what kind of system alert you want. If you're not averse to a bit of coding you could write a Windows Service that periodically scans these logs and looks for what you want, then reacts accordingly. You could also use something like MOM (or whatever it's called this week) or a similar third party application to do the work for you. A third (and cruder) option would be to use the publishing feature of newer Windows OSs and have a Computer Management (or Event Log) window open on your desktop with a filtered view of the security log, periodically hitting F5 to update.
Maximus Minimus
- 8,937
- 1
- 22
- 36
0
If you're in a multi-OS environment and are willing to put some work in, you can setup Windows to send it's logs via syslog to a remote server (such as a Linux server running syslog-ng), and then run a tool such as SEC to keep an eye on the logs and notify you when an anonymous login (or anything) happens.
JamesHannah
- 1,731
- 2
- 11
- 22