IP address in security event log?

D

Dario

hi all,
on my win2k Adv Server i noticed a lot of 529 event id
like this:
Logon Failure:
Reason: Unknown user name or bad password
User Name: Administrator
Domain: JULIETTE
Logon Type: 3
Logon Process: NtLmSsp
Authentication Package: NTLM
Workstation Name:JULIETTE

I'd like that windows will be able to log the ip address,
not just the name of the domain. Is it possible to do it?
Thanks, Dario
 
K

Keith W. McCammon

I'd like that windows will be able to log the ip address,
not just the name of the domain. Is it possible to do it?
Thanks, Dario
Click to expand...

Not that I'm aware. I dump all of my security logs to a DB, and just
perform a lookup using Perl against the fields.
 
S

Steven L Umbach

Not consistently - Windows 2003 is supposed to have fixed that. Look
into using something like Sygate Pro personal firewall. It is worth if for
it's logging alone and you can shut down the firewall. Then you can
correlate failures in the security log to events in the firewall log by
time. It also has a backtrace function. You can download and try it for
free. -- Steve
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Password checking is running-please help 3
Security Event 529 1
Logon Failure EventID: 529 2
Audit Failures 4
Event Viewer - Security - Reports "Failure Audit" 2
Help, strange failed login attempt 1
Security Event 529 0
Failure Audit Question 2

Top