Syskit Monitor
Try it for FreeContact UsProduct Site
  • Syskit Monitor
  • Product Updates
    • Syskit Monitor 9.1.0 - Release Note
    • Syskit Monitor 9 – The monster has awoken!
    • Syskit Monitor 8.4.0 - Release Note
    • Syskit 2012 R2 8.3.0 - Release Note
    • Syskit 2012 R2 8.2.0 Release Note
    • Syskit 2016 R2 8.0.1 - Release Note
    • Syskit 2016 R2 – Monitor and script all the things!
  • Requirements
    • System Requirements
    • User Permission Requirements
    • Pre Installation Requirements
  • Installation and Configuration
    • Install Wizard
      • Install Syskit Monitor
      • Install Syskit Monitor Data Collector
    • Configuration Wizard
      • Configure Syskit Monitor
      • SQL Permissions
        • Create a SQL Server Login
        • Create a SQL Server Database
        • Create a Service User Login Permission
        • Connect an Existing Database
    • Upgrade to the Latest Version
    • Uninstall Wizard
  • Editions
    • Editions
  • Activation
    • Activation Privacy Statement
    • Online and Offline Activation
    • Activation FAQ
  • Get to Know Syskit Monitor
    • Quick Start Guide
    • Administration
      • Servers and Groups
      • Monitoring Templates
      • PowerShell Scripts
    • Backstage Screen
      • Manage Data Gathering
      • Help Screen
      • Configuration
        • Configure
        • Options
      • Syskit Monitor Web App
    • Dashboards
      • Sessions Dashboard
      • Performance Dashboard
    • Reports
      • User Reports
      • Application Reports
      • Performance Reports
        • System Overview
        • Computer Performance
        • Application Performance
        • User Performance
      • Gateway Reports
      • License Reports
      • Event Log Reports
      • Inventory Reports
        • Hardware and Software
        • Powershell Reports
        • Compare Wizard
      • Custom Reports
  • Common Tasks with Syskit Monitor
    • Monitoring Windows Server and Application Performance
    • Monitoring and Restarting Stopped Windows Services
    • Real Time Alerting
    • Monitoring User Activities and Application Usage
    • Monitoring RD Gateway Connections
    • File System Auditing
    • Malicious IP Blocking
    • Computer Inventory
  • How To
    • Custom Reports
      • Create Custom Report
      • Create SQL Custom Report
      • Create an Alert
    • Users
      • Add Users Manually
      • Add Users From Active Directory
      • Manage Security Permissions
    • Dashboards
      • Create a Custom Dashboard
      • Edit Dashboards
      • Add Formatting Condition to Metrics
    • Reports
      • Export Report to Excel
      • Configure Cost Overview Report
      • Configure Report Subscriptions
      • Create Customized Report Views
    • Computers
      • Add/Remove or Delete Computer from Monitoring
      • Add Citrix Servers to Monitoring
    • Monitoring Templates
      • Predefined Monitoring Templates
      • Template Wizard
      • Import / Export Monitoring Template
      • Download Templates
    • Powershell Scripts
      • PowerShell Wizard
      • Manage Scripts
      • Import / Export PowerShell Script
      • Import and Use PowerShell Script Modules
      • Download Scripts
    • Service Accounts
      • Add Service User to Local Administrators Group via Group Policy
      • Add Service User to Local Administrators Group Manually
    • Audit Events
      • Enable Folder Auditing
      • Configure Audit Logon Events
      • Configure Syskit Monitor server to support the Block Malicious IP Addresses feature
    • Citrix Xenapp
      • Allow Remote RPC on Xenapp
      • Monitor Citrix Published Applications
      • Configure Syskit Monitor for Citrix XenApp 5 Published Application monitoring
      • Configure Syskit Monitor for Citrix XenApp 6.x Published Application monitoring
      • Configure Syskit Monitor for Citrix XenApp 7.x Published Application monitoring
    • Performance Counters Management
    • Manage Syskit Monitor Data Collector
    • Move database to new server
    • Exclude installation folder from antivirus scanning
  • FAQ
    • FAQ
  • Troubleshooting
    • SQL Server Connection
    • SQL Server Express 2012 LocalDB
    • How to resolve the Offline and Unauthorized computer states
    • Network Ports
    • Fixing WMI to work with Syskit Monitor
    • Enable-PSRemoting for untrusted domains to work with Syskit Monitor
    • Configuring CredSSP for use with PowerShell in Syskit Monitor
    • Installation Issues
    • User States
    • User Connections
    • Miscellaneous
Powered by GitBook
On this page
  • Audit Reports
  • System Logs
  • File System Audit Reports
  • Blocked IP Addresses

Was this helpful?

  1. Get to Know Syskit Monitor
  2. Reports

Event Log Reports

Learn how to use Syskit Monitor to track all user activities performed on the file system.

PreviousLicense ReportsNextInventory Reports

Last updated 1 year ago

Was this helpful?

The Event Log Reports are used to track security-related information and events on a computer system. These include:

  • Auditing successful and failed logon attempts.

  • Tracking when and why the users restart or shutdown their computers, as well as how long a Microsoft Windows system has been powered on without a restart.

  • Monitoring of operations performed on the file system.

  • Preventing attackers from guessing users’ passwords, and decreasing the likelihood of successful attacks on your network.

Syskit Monitor allows you to monitor all user activities performed on the file system. The Event Log reports will show you all read, write, append and delete operations performed on selected files and folders. Administrators can select the paths they want to monitor as well as file types that will be included in these reports. This kind of reports also include Blocked IP Addresses report.

Please note! In order to see the Event Log Reports data it is necessary to configure system job. Report data will be available after the Event Log system job execution.

Currently available reports are:

Audit Reports

  • Logon Audit – This report will show you a complete logon history overview on all computers – track successful and failed logon events.

System Logs

  • Restart Log – This history report will show you a complete list of every time the Windows Servers have restarted or shutdown and the reason why, including the user account who initiated a restart or shutdown.

  • System Uptime – This report will show you how long a Microsoft Windows system has been powered on without a restart or if a reboot has been applied to the system recently.

File System Audit Reports

  • File Access Audit Log – Shows file access history and actions performed on files,as well as the exact time.

  • File Access Audit – Summarizes the number of Read, Write, and Update actions per file and user.

Blocked IP Addresses

Syskit Monitor detects potentially malicious IP addresses – this report shows the list of blocked IP addresses via Windows Firewall rules.

In order to be able to see this report, you should necessarily have the Extract Event Log system job enabled and running.

  1. Navigate to the File > Manage > System Jobs.

  2. In the System Jobs dialog double click Extract Event Log. Check in the Collect Event log data and Block malicious IP addresses option. Set after how many failed attempts to block the malicious IP address and after how many hours to unblock the same address.

The next option that needs to be enabled for this feature’s good performance is Public IP Fetching.

  1. Navigate to the File > Configuration > Options > General.

  2. Check in the Enable public IP fetching option and click Save to confirm the changes.

After every Event Log system job run, each IP address that had more than or exactly X failed attempts will be blocked for Y hours. You will be able to see the malicious IP addresses in the Block IP Addresses report. (In this case after the 5 failed logon attempts, malicious IP address will be blocked for the next 24 hours.)

Please note! If you are having problem seeing this report check if you have properly to support this feature.

See to learn more. See to learn more. See to learn more.

configured Syskit Monitor server
How to Enable Folder Auditing
How to Configure Audit Logon Events
How to Configure Server to support Block Malicous IP Addresses feature
Extract Event Log