Syskit Monitor
Try it for FreeContact UsProduct Site
  • Syskit Monitor
  • Product Updates
    • Syskit Monitor 9.1.0 - Release Note
    • Syskit Monitor 9 – The monster has awoken!
    • Syskit Monitor 8.4.0 - Release Note
    • Syskit 2012 R2 8.3.0 - Release Note
    • Syskit 2012 R2 8.2.0 Release Note
    • Syskit 2016 R2 8.0.1 - Release Note
    • Syskit 2016 R2 – Monitor and script all the things!
  • Requirements
    • System Requirements
    • User Permission Requirements
    • Pre Installation Requirements
  • Installation and Configuration
    • Install Wizard
      • Install Syskit Monitor
      • Install Syskit Monitor Data Collector
    • Configuration Wizard
      • Configure Syskit Monitor
      • SQL Permissions
        • Create a SQL Server Login
        • Create a SQL Server Database
        • Create a Service User Login Permission
        • Connect an Existing Database
    • Upgrade to the Latest Version
    • Uninstall Wizard
  • Editions
    • Editions
  • Activation
    • Activation Privacy Statement
    • Online and Offline Activation
    • Activation FAQ
  • Get to Know Syskit Monitor
    • Quick Start Guide
    • Administration
      • Servers and Groups
      • Monitoring Templates
      • PowerShell Scripts
    • Backstage Screen
      • Manage Data Gathering
      • Help Screen
      • Configuration
        • Configure
        • Options
      • Syskit Monitor Web App
    • Dashboards
      • Sessions Dashboard
      • Performance Dashboard
    • Reports
      • User Reports
      • Application Reports
      • Performance Reports
        • System Overview
        • Computer Performance
        • Application Performance
        • User Performance
      • Gateway Reports
      • License Reports
      • Event Log Reports
      • Inventory Reports
        • Hardware and Software
        • Powershell Reports
        • Compare Wizard
      • Custom Reports
  • Common Tasks with Syskit Monitor
    • Monitoring Windows Server and Application Performance
    • Monitoring and Restarting Stopped Windows Services
    • Real Time Alerting
    • Monitoring User Activities and Application Usage
    • Monitoring RD Gateway Connections
    • File System Auditing
    • Malicious IP Blocking
    • Computer Inventory
  • How To
    • Custom Reports
      • Create Custom Report
      • Create SQL Custom Report
      • Create an Alert
    • Users
      • Add Users Manually
      • Add Users From Active Directory
      • Manage Security Permissions
    • Dashboards
      • Create a Custom Dashboard
      • Edit Dashboards
      • Add Formatting Condition to Metrics
    • Reports
      • Export Report to Excel
      • Configure Cost Overview Report
      • Configure Report Subscriptions
      • Create Customized Report Views
    • Computers
      • Add/Remove or Delete Computer from Monitoring
      • Add Citrix Servers to Monitoring
    • Monitoring Templates
      • Predefined Monitoring Templates
      • Template Wizard
      • Import / Export Monitoring Template
      • Download Templates
    • Powershell Scripts
      • PowerShell Wizard
      • Manage Scripts
      • Import / Export PowerShell Script
      • Import and Use PowerShell Script Modules
      • Download Scripts
    • Service Accounts
      • Add Service User to Local Administrators Group via Group Policy
      • Add Service User to Local Administrators Group Manually
    • Audit Events
      • Enable Folder Auditing
      • Configure Audit Logon Events
      • Configure Syskit Monitor server to support the Block Malicious IP Addresses feature
    • Citrix Xenapp
      • Allow Remote RPC on Xenapp
      • Monitor Citrix Published Applications
      • Configure Syskit Monitor for Citrix XenApp 5 Published Application monitoring
      • Configure Syskit Monitor for Citrix XenApp 6.x Published Application monitoring
      • Configure Syskit Monitor for Citrix XenApp 7.x Published Application monitoring
    • Performance Counters Management
    • Manage Syskit Monitor Data Collector
    • Move database to new server
    • Exclude installation folder from antivirus scanning
  • FAQ
    • FAQ
  • Troubleshooting
    • SQL Server Connection
    • SQL Server Express 2012 LocalDB
    • How to resolve the Offline and Unauthorized computer states
    • Network Ports
    • Fixing WMI to work with Syskit Monitor
    • Enable-PSRemoting for untrusted domains to work with Syskit Monitor
    • Configuring CredSSP for use with PowerShell in Syskit Monitor
    • Installation Issues
    • User States
    • User Connections
    • Miscellaneous
Powered by GitBook
On this page
  • Configuring Group Policy
  • A) Configuring Group Policy for a domain WITHOUT Group Policy Management feature:
  • B) Configuring Group Policy for a domain WITH Group Policy Management feature:
  • Enable the Extract Event Log system job in the Syskit Monitor

Was this helpful?

  1. How To
  2. Audit Events

Configure Audit Logon Events

This article explains steps required to configure Audit Logon Events for Windows Servers.

Audit logon events can be used to detect failure logons to your server,hacker attacks and former employees failure logons. The Syskit Monitor will report information about users trying to log in, source IP address and computer name being used.

Auditing is a Windows feature that is configured via Group Policy. Every audit event is stored in the event log. We use the information provided in the event log and combine it with the existing data (user activities, applications being used…) to create a central monitoring station for your computers.

Here is the info on how to turn on the logon failure audit events for your computer(s). In order to enable Audit Logs you need to:

  1. Configure a Group Policy.

  2. Enable the Extract Event Log system job in Syskit Monitor.

Configuring Group Policy

A) Configuring Group Policy for a domain WITHOUT Group Policy Management feature:

  1. Login to you Domain Controller with an account that has Domain Administrator privileges.

  2. Click Start, point to Programs, point to Administrative Tools, and then click Active Directory Users and Computers.

  3. On the View menu, click the Advanced Features.

  4. Right-click Domain Controllers, and then click Properties.

  5. Click the Group Policy tab, click Default Domain Policy, and then click Edit.

  6. Click Computer Configuration, double-click Windows Settings, double-click Security Settings, double-click Local Policies, and then double-click Audit Policy.

  7. In the right pane, right-click Audit Logon Events and then click Properties.

  8. Click Define These Policy Settings, and then select Failure. Click OK.

  9. The changes you made will only take effect when the policy setting is propagated or applied to your computer. Complete either of the following steps to initiate policy propagation right now:

    • Type gpupdate /force at the command prompt of a server and then press ENTER. The policy will be updated.

    • Wait for automatic policy propagation that occurs at regular intervals that you can configure. By default, policy propagation occurs every five minutes.

B) Configuring Group Policy for a domain WITH Group Policy Management feature:

  1. Login to you Domain Controller with an account that has Domain Administrator privileges.

  2. Click Start, point to Programs, point to Administrative Tools, and then click Group policy management.

  3. Click Default Domain Policy, and then click Edit (in case you have a special policy only for terminal servers select that policy.

  4. Click Computer Configuration, double-click Windows Settings, double-click Security Settings, double-click Local Policies, and then double-click Audit Policy.

  5. In the right pane, right-click Audit Logon Events, and then click Properties.

  6. Click Define These Policy Settings and then select Failure. Click OK.

  7. The changes you made will only take effect when the policy setting is propagated or applied to your computer. Complete either of the following steps to initiate policy propagation right now:

    • Type gpupdate /force at the command prompt of a server and then press ENTER. The policy will be updated.

    • Wait for automatic policy propagation that occurs at regular intervals that you can configure. By default, policy propagation occurs every five minutes.

Enable the Extract Event Log system job in the Syskit Monitor

You need to enable collection of event log data under File > Manage > System Jobs and you are good to go. Syskit Monitor will start to collect audit information from the Event Log on a regular basis.

PreviousEnable Folder AuditingNextConfigure Syskit Monitor server to support the Block Malicious IP Addresses feature

Last updated 1 year ago

Was this helpful?

See the article for more detailed information.

Extract Event Log