Windows users login information.

[shailu2014]

Hi,

I have one windows Server w2k8 R2 Std 64bit for application team, this server is used by Dev team and I have created three local user in this server.

Already I have configured alert on this server to monitoring CPU, HDD, Memory usage, Ping & Uptime through Nagios XI and it is working.

Please can someone help me how to configure to get the local users access log of this windows server through Nagios XI.

Thanks,
Sjain

[sreinhardt]

When you say access log, are you looking to get login\logout activity, general computer activity, or something else? What are you presently using to monitor this host?

[shailu2014]

Yes Looking for login/Logout access logs activity of users in this server by Nagios XI, This server is our critical server.

Thanks,
Sjain

[sreinhardt]

How are you presently monitoring this system? With WMI, an installed agent, or some other way? We can definitely get this information one way or another, but we want to work within what you are doing already.

[WillemDH]

Hey,

I would think you first need an audit policy. Type gpedit.msc in the Start menu. (You can also enable logon event auditing on a domain controller, gpo)

Local Computer Policy –> Computer Configuration –> Windows Settings –> Security Settings –> Local Policies –> Audit Policy. Then audit logon events n-and enable checkboxes for succes and failure.

Then you could use NSClient to look in security eventlog for event type Success Audit Event ID 4663 or use NSclient realtime eventlogging and send the events to passive Nagios service.

Grtz

Willem

[abrist]

@Willem: Tried and True Method
@OP: Let us know how this works for you . . . .