Security Basics mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Monitoring of Admin logins

From: "Petter Bruland" <pbruland () fcglv com>
Date: Tue, 10 Apr 2007 10:25:08 -0700
You might be able to do this by using Evtsys and a syslog server.
On the syslog server you would have to setup some sort of triggered
event based on the incoming syslog event.

Evtsys -
https://engineering.purdue.edu/ECN/Resources/Documents/UNIX/evtsys
Syslog server - http://www.kiwisyslog.com/index.php

!*!* Not sure if the free Kiwi syslog server will be able to send emails
etc based on the syslog message it receives.

Anyway, we'll probably see some other solutions from this list that will
work better.

-Petter


-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On Behalf Of Sohail Sarwar
Sent: Tuesday, April 10, 2007 9:26 AM
To: security-basics () securityfocus com
Subject: Monitoring of Admin logins

Hi there,

        I am assuming this have been done, but how ?  I would like to
get notified when a user logs in to my domain as an admin
(Administrator)  I have several people who are using the admin account,
and I would like to setup something so that it notifies me via and email
that a specific person has logged in to the domain controller or windows
2003 servers as the administrator.

        I guess something like who the user is and from where..  Is
there such a thing ?

Thanks,
Sohail
Previous By Date Next
Previous By Thread Next

Current thread: