This sample covers creating a monitoring policy that collects data when specific Windows logon events occur, such as logging on or failing to log on to a Windows computer.
Procedure
-
From the CommCell Browser, expand Policies.
-
Right-click Monitoring Policies and then click New Monitoring Policy.
-
Follow the instructions in the New Monitoring Policy wizard.
-
On the Please select the type of monitoring policies you would like to create page, select Windows Events.
-
On the Please specify criteria page, select Specify criteria, and add two criteria:
-
On the Please specify criteria page, click Add to define the first criterion:
-
In the Create Criteria dialog box, for the Event ID filtering attribute, select the equals to operator and type 529.
This event ID indicates a login failure.
-
For the User filtering attribute, select the contains operator and enter the name of the user that you want to monitor.
-
Click OK.
-
-
On the Please specify criteria page, click Add to define the second criterion:
-
In the Create Criteria dialog box, for the Event ID filtering attribute, select the equals to operator and type 538.
This event ID indicates that a user logged off.
-
For the User filtering attribute, select the contains operator and enter the name of the user that you want to monitor.
-
Click OK.
-
-
-
After completing the wizard, click Finish to create the monitoring policy.