What is a Windows Event Logon?
Windows Event - Security Logon refers to Windows Server or Windows Client event logs where an entity is implicated in an authentication or impersonation event. These events are generated when a Windows Logon session is created on the accessed host.
This package is specifically designed to monitor Windows Security Logon Events, collecting Event IDs 4624 (logins), 4625 (failed logins), and 4634 (logouts). Individual Windows Security Logon Events are retained for detailed and statistical analysis. Various monitoring metrics are also collected, including total event count, public and private IP counts, remote interactive logons, cached interactive logons, new credentials logons, and network logons.
This monitoring provides critical data about system access patterns, including successful and failed login attempts, as well as logouts.
How to monitor Windows Event Logons?
ServicePilot makes it easy to monitor Windows Security Logon Event logs by automatically provisioning the security-logon package. It collects Logon events on Windows servers where the ServicePilot Agent is installed, with no additional configuration required on the target servers.
Individual Windows Security Logon Events are kept for analysis, and monitoring metrics are also gathered, including:
- Total Events
- Public IPs count
- Private IPs count
- Remote Interactive Logon
- Cached Interactive Logon
- New Credentials Logon
- Network Logon
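The sketch below shows how metrics like these can be derived from Event IDs 4624, 4625 and 4634. It is an added example, not ServicePilot's code: the counting rules (distinct source addresses, logon types counted on 4624/4625 only, RFC 1918 and IPv6 unique-local ranges as "private") are assumptions, and the events are constructed samples using the Windows fields LogonType and IpAddress.

```python
import ipaddress

LOGON_EVENT_IDS = {4624, 4625, 4634}
# LogonType codes Windows records for the four logon kinds listed above.
LOGON_TYPES = {3: "Network Logon", 9: "New Credentials Logon",
               10: "Remote Interactive Logon", 11: "Cached Interactive Logon"}
# Assumption: "private" means RFC 1918 and IPv6 unique-local ranges.
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]

def ip_scope(value):
    """Classify an IpAddress field as 'public', 'private' or None (no usable source)."""
    try:
        addr = ipaddress.ip_address(str(value).strip())
    except ValueError:
        return None  # "-", empty or absent, as on local logons and 4634 logoffs
    addr = getattr(addr, "ipv4_mapped", None) or addr  # unwrap ::ffff:a.b.c.d
    if addr.is_loopback or addr.is_unspecified or addr.is_link_local:
        return None
    return "private" if any(addr in net for net in PRIVATE_NETS) else "public"

def logon_metrics(events):
    """Aggregate logon events (dicts with EventID, LogonType, IpAddress) into counters."""
    sources = {"public": set(), "private": set()}
    metrics = {"Total Events": 0, **{name: 0 for name in LOGON_TYPES.values()}}
    for ev in events:
        if ev.get("EventID") not in LOGON_EVENT_IDS:
            continue  # only the three logon-related Event IDs are collected
        metrics["Total Events"] += 1
        scope = ip_scope(ev.get("IpAddress"))
        if scope:
            sources[scope].add(str(ev["IpAddress"]).strip())
        # Assumption: logon types are counted on attempts (4624/4625), not logoffs.
        if ev["EventID"] != 4634 and ev.get("LogonType") in LOGON_TYPES:
            metrics[LOGON_TYPES[ev["LogonType"]]] += 1
    metrics["Public IPs count"] = len(sources["public"])
    metrics["Private IPs count"] = len(sources["private"])
    return metrics

# Constructed sample events (not taken from a real log).
SAMPLE_EVENTS = [
    {"EventID": 4624, "LogonType": 10, "IpAddress": "203.0.113.25"},
    {"EventID": 4625, "LogonType": 3, "IpAddress": "203.0.113.25"},
    {"EventID": 4625, "LogonType": 3, "IpAddress": "198.51.100.7"},
    {"EventID": 4624, "LogonType": 3, "IpAddress": "10.0.4.17"},
    {"EventID": 4624, "LogonType": 11, "IpAddress": "-"},
    {"EventID": 4624, "LogonType": 9, "IpAddress": "::1"},
    {"EventID": 4634, "LogonType": 3},
    {"EventID": 4688},  # process creation: not a logon event, ignored
]
```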
How to install a logon resource?
- Use your ServicePilot OnPremise installation or a SaaS account.
- Add a new logon resource via the web interface (/prmresources) or via API (/prmpackages page); the default ServicePilot agent or another agent will be provisioned automatically.
Details of the logon package are located in the /prmpackages page of the software.
ServicePilot enables you to deliver IT services faster and more securely with automated discovery and advanced monitoring features.
By correlating logon monitoring with APM and infrastructure monitoring, ServicePilot is able to provide a more comprehensive view of an organization's IT environment.
This allows IT teams to quickly identify and diagnose issues that may be impacting application performance and to take corrective action before end users are affected.