Example: Creating a Monitoring Policy to Track Computer Login on Windows Computers

This sample covers creating a monitoring policy to send email notifications when specific Windows login events occur, such as logging on or failing to log on a Windows computer.

Procedure

  1. From the CommCell Browser, expand Policies.
  2. Right-click Monitoring Policies and then click New Monitoring Policy.

    Follow the instructions in the New Monitoring Policy wizard.

  3. On the Please select the type of monitoring policies you would like to create page, select Windows Events.
  4. On the Please specify criteria page, select Specify criteria and then click Add.

    In the Create Criteria dialog box, specify the filtering attributes for the policy:

    1. For the Event ID filtering attribute, select the equals to operator and type 529.

      This event ID indicates a login failure.

    2. Under User Assigned Severity, select Warning to set the event ID as a major event.
    3. Click OK.
  5. On the Please specify criteria page, click Add to specify a second monitoring criterion:
    1. For the Event ID filtering attribute, select the equals to operator and type 538. This event ID indicates that a user logged off.
    2. For the User filtering attribute, select the contains operator and enter the name of the user that you want to monitor.
    3. Click OK.
  6. On the Alert Details page, click Add to set up an email alert using the monitoring criterion as the alert trigger.