Security Monitoring

logon security monitoring

What is a Windows Event Logon?

Windows Event - Security Logon refers to Windows Server or Windows Client event logs where an entity is implicated in an authentication or impersonation event. These events are generated when a Windows Logon session is created on the accessed host.

This package is specifically designed to monitor Windows Security Logon Events, collecting Event IDs 4624 (logins), 4625 (failed logins), and 4634 (logouts). Individual Windows Security Logon Events are retained for detailed and statistical analysis. Various monitoring metrics are also collected, including total event count, public and private IP counts, remote interactive logons, cached interactive logons, new credentials logons, and network logons.

This monitoring provides critical data about system access patterns, including successful and failed login attempts, as well as logouts.

How to monitor Windows Events Logons?

ServicePilot makes it easy to monitor Windows Security Logon Event logs by automatically provisioning the security-logon package. It collects Logon events on Windows servers where the ServicePilot Agent is installed with no additional configurations required on the target servers.

Individual Windows Security Logon Events are kept for analysis and monitoring metrics are also gathered including:

  • Total Events
  • Public IPs count
  • Private IPs count
  • Remote Interactive Logon
  • Cached Interactive Logon
  • New Credentials Logon
  • Network Logon

How to install a logon resource?

  1. Use your ServicePilot OnPremise installation or a SaaS account.
  2. Add a new logon resource via the web interface (/prmviews or /prmresources) or via API (/prmpackages page), the default ServicePilot agent or another agent will be provisioned automatically.

Details of the logon package are located in the /prmpackages page of the software.


ServicePilot enables you to deliver IT services faster and more securely with automated discovery and advanced monitoring features.

By correlating the technology LOGON with APM and infrastructure monitoring, ServicePilot is able to provide a more comprehensive view of an organization's IT environment.

This allows IT teams to quickly identify and diagnose issues that may be impacting application performance, and take corrective action before end-users are affected.

Start with a free trial of our SaaS solution. Explore our plans or contact us to find what works best for you.

Monitor LOGON (1/2)

Monitor LOGON (2/2)

Learn more

Free installation in
a few clicks

SaaS Plateform

Flexible deployment according to your needs (SaaS, hybrid, on-premise) to speed up supervision implementation.
  • No on-premise software setup, servicing and configuration complexity
  • Instant setup, complete and pre-configured to ensure robust monitoring

OnPremise Plateform

Flexible deployment according to your needs (SaaS, hybrid, on-premise) to speed up supervision implementation.
  • Contracts and commitments over time ( > 1 year)
  • Performance, Data Storage and Infrastructure Management
  • 2 additional solutions: VoIP and Mainframe monitoring