I am new to GoToManage and wondering how I set up an event to notify of failed logins from my server event viewers. A couple things we are looing for are failed SQL Database attempts and also RDP. I don’t see anything like this in the standard events to choose from.

Hi Rick,
if the eventid is collected in the Logs application, you can set an custom Alert indicating the eventid. in this way you should get an alert on every failed login.

Thanks Thomas. Can you please elaborate? I.e. I’ve tried searching for EventCode=529 and don’t get any results, even though I know that’s inside the security log of the server.

Thanks!

Hi Jeff,
Have you check if the Security Event logs are collected in gotomanage? If not you should configure the Crawler WMI Event login to collect Event logs Security Audit Failure.
If you then Search in the log files source::win_event_log:Security 529 you should then get a list whit all Events 529. On good result try on the Alert Application
Regards,
Thomas

Thanks Thomas. Forgive me, but where do I configure the WMI Event Login to collect logs for Security events? When I go into configure crawler, It’s not clear to me where that is. Thanks!

- Jeff

Hi Jeff,

Go to "monitoring>crawlers and select your crawler. If you are using the default schedule, the “monitor windows servers” schedule has the wmi_event_log plugin. You will need to click on that schedule and click on the “set parameters” option. I set mine from “error” to “security audit success”. After the next scheduled run time for the plugin you should be able to use the share it for “all logons by users”