What is Windows Event Security Logon?
Windows Logon is when an entity is involved in Authentication or Impersonation event on Microsoft Windows (either Windows Client or Windows Server) This event is generated when a Windows Logon session is created. It is generated on the Hostname that was accessed.
Windows Event Security Logon monitoring
This package is built to monitor Windows Events Security Logons collecting Event IDs 4624 (logins), 4625 (failed logins) and 4634 (logouts).
This package automatically configures the ServicePilot Agent to collect statistics from the Windows Servers on which the ServicePilot Agent has been configured.
Individual Windows Events Security Logon are kept for analysis and monitoring metrics are also gathered including:
- Total Events
- Public IPs count
- Private IPs count
- Remote Interactive Logon
- Cached Interactive Logon
- New Credentials Logon
- Network Logon