Hello,
I've setup the event log filter on a few hosts on my network to log bad logon events.
It works sometimes which is weird .. it seems to be completely random when I do and don't receive the alerts and notifications.
Sometimes they go through just fine, other times I can try to enter a bad password 10 times (to test) and receive nothing.
Under event log filter here is what I have:
Event Logs: Security
Level: Audit Failure
Event IDs: 4625, 529, 530, 531, 532, 533, 534, 535, 536, 537
Notification Priority: Elevated
Any ideas?
thanks!