→ 🚀What's New? Join Us for the Fall Product Launch! Register Now !

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
delrio1112
Engaged Sweeper
Im trying to trigger an alert when when security event ID 4732 is triggered but when i check im not seeing any security logs. I have enabled informational logs to be captured but im not seeing them . Thank you for your help.
1 ACCEPTED SOLUTION
Susan_A
Lansweeper Alumni
FYI for everyone, as we received a followup email from delrio1112 via email: event 4732 turned out to be a success audit event, not an information event. We recommended:
  • Enabling scanning of success audit events under Configuration\Server Options.
  • Once again, rescanning the assets by clicking the Assets link at the top of the web console, ticking the upper checkbox and hitting the Rescan button on the left.

View solution in original post

2 REPLIES 2
Susan_A
Lansweeper Alumni
FYI for everyone, as we received a followup email from delrio1112 via email: event 4732 turned out to be a success audit event, not an information event. We recommended:
  • Enabling scanning of success audit events under Configuration\Server Options.
  • Once again, rescanning the assets by clicking the Assets link at the top of the web console, ticking the upper checkbox and hitting the Rescan button on the left.
Susan_A
Lansweeper Alumni
We received and answered this question via email. For everyone else's benefit, I'm pasting the reply we sent via email below.
Thank you for using Lansweeper. We're not sure where or how you are looking at event log information, but a couple of ways to view scanned events are:
  • In the Event Log tab of an individual Windows computer's Lansweeper webpage.
  • In a custom report. We've included a sample report below that lists scanned instances of event 4732. You can add this report to your Lansweeper installation by following these instructions.

If you are unable to locate scanned instances of 4732 in the Event Log tab of your computers or in the report, could you:
  • Just to be sure, double-check that scanning of informational events is enabled under Configuration\Server Options.
  • Rescan your machines by clicking the Assets link at the top of the web console, ticking the upper checkbox and hitting the Rescan button on the left. Wait for the Last Seen (= last successful scan) dates listed on your computer webpages to update. Keep in mind that Lansweeper will only scan instances of the 4732 event that occurred since scanning of informational events was enabled under Configuration\Server Options.

If you set up an alert for the event under Configuration\Email Alerts as well, Lansweeper will email you as soon as events with the specified ID are scanned. This article is not entirely up-to-date yet for Lansweeper 6.0, but some general info on setting up email alerts can be found in this knowledge base article.
Select Top 1000000 tsysOS.Image As icon,
tblAssets.AssetID,
tblAssets.AssetName,
tblAssets.Domain,
tblAssets.Username,
tblAssets.Userdomain,
tblAssets.IPAddress,
tblAssetCustom.Manufacturer,
tblAssetCustom.Model,
tblAssetCustom.Serialnumber,
tblNtlog.Eventcode,
Case tblNtlog.Eventtype When 1 Then 'Error' When 2 Then 'Warning'
When 3 Then 'Information' When 4 Then 'Success Audit'
When 5 Then 'Failure Audit' End As Eventtype,
tblNtlogFile.Logfile,
tblNtlogMessage.Message,
tblNtlogSource.Sourcename,
tblNtlogUser.Loguser,
tblNtlog.TimeGenerated
From tblAssets
Inner Join tblAssetCustom On tblAssets.AssetID = tblAssetCustom.AssetID
Inner Join tblNtlog On tblAssets.AssetID = tblNtlog.AssetID
Inner Join tblNtlogFile On tblNtlogFile.LogfileID = tblNtlog.LogfileID
Inner Join tblNtlogMessage On tblNtlogMessage.MessageID = tblNtlog.MessageID
Inner Join tblNtlogSource On tblNtlogSource.SourcenameID =
tblNtlog.SourcenameID
Left Join tblNtlogUser On tblNtlogUser.LoguserID = tblNtlog.LoguserID
Inner Join tsysOS On tsysOS.OScode = tblAssets.OScode
Where tblNtlog.Eventcode = 4732 And tblAssetCustom.State = 1
Order By tblNtlog.TimeGenerated Desc