Example: Creating a Monitoring Policy to Track Computer Login on Windows Computers
This sample covers creating a monitoring policy that collects data when specific Windows logon events occur, such as logging on or failing to log on to a Windows computer.
Procedure
- From the CommCell Browser, expand Policies.
- Right-click Monitoring Policies and then click New Monitoring Policy.
- Follow the instructions in the New Monitoring Policy wizard.
- On the Please select the type of monitoring policies you would like to create page, select Windows Events.
- On the Please specify criteria page, select Specify criteria, and add two criteria:
- On the Please specify criteria page, click Add to define the first criterion:
- In the Create Criteria dialog box, for the Event ID filtering attribute, select the equals to operator and type 529.
This event ID indicates a login failure.
- For the User filtering attribute, select the contains operator and enter the name of the user that you want to monitor.
- Click OK.
- In the Create Criteria dialog box, for the Event ID filtering attribute, select the equals to operator and type 529.
- On the Please specify criteria page, click Add to define the second criterion:
- In the Create Criteria dialog box, for the Event ID filtering attribute, select the equals to operator and type 538.
This event ID indicates that a user logged off.
- For the User filtering attribute, select the contains operator and enter the name of the user that you want to monitor.
- Click OK.
- In the Create Criteria dialog box, for the Event ID filtering attribute, select the equals to operator and type 538.
- On the Please specify criteria page, click Add to define the first criterion:
- After completing the wizard, click Finish to create the monitoring policy.