cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cansaydam
Engaged Sweeper
Hello,

We are enabled audit setting on our domain controller. I want to send an alert for a specific log ID:632.

Can I create an alert with security logs?

Thanks

Jon Saydam
9 REPLIES 9
cansaydam
Engaged Sweeper
Ok Thanks, Now it is working. All events have been updated. Will the database keep all the events or is there any clean up rules?

Thanks

Jon
Hemoco
Lansweeper Alumni
cansaydam wrote:
Will the database keep all the events or is there any clean up rules?

The cleanup option below is available under Configuration/Scanning Setup/Server Options. We do recommend that you delete event log information as quickly as possible, as this data takes up a lot of database space.
Delete eventlog entries after XX days.

Hemoco
Lansweeper Alumni
Please check the scan target you've submitted for scanning. Make sure that it's enabled and that you submitted the NetBIOS computer name and the NetBIOS domain name. If you can't see any issues, please contact support@lansweeper.com and provide us with screenshots of:
- Your Eventlog Scanning settings.
- Event Log tab of the problem asset's Lansweeper webpage.
cansaydam
Engaged Sweeper
Hi,

I added scheduled eventlog scanning for our domain controller. I configured to scan every 5 minutes. Bur when I go to the asset of it and check the event log under the it's asset; It is not updated. I guess it is updating only when it rescan the assets. So could you advise what can be the problem?

Regards

Jon
cansaydam
Engaged Sweeper
Thanks, All security logs are visible now.
Regards
Jon
Hemoco
Lansweeper Alumni
No, as the trial version supports event log scanning. Are you sure your machines have been (successfully) rescanned since you enabled the additional event types?
cansaydam
Engaged Sweeper
Can it be because of I am using a trial version? Because I am planning to buy the license next week.
cansaydam
Engaged Sweeper
Thanks for your quick response. I enabled the security audit events under Configuration/Scanning Setup/Server Options.
Still don't see events under domain controller asset.
Also I added log scanning.

Thanks

Jon
Hemoco
Lansweeper Alumni
Instructions can be found on page 139 and beyond of our online documentation. Note that the appropriate event types must be enabled for scanning under Configuration/Scanning Setup/Server Options. By default, only errors are scanned.