Loading...

Example: Creating a Monitoring Policy to Track Computer Login on Windows Computers

This sample covers creating a monitoring policy that collects data when specific Windows logon events occur, such as logging on or failing to log on to a Windows computer.

Procedure

  1. From the CommCell Browser, expand Policies.
  2. Right-click Monitoring Policies and then click New Monitoring Policy.
  3. Follow the instructions in the New Monitoring Policy wizard.
  4. On the Please select the type of monitoring policies you would like to create page, select Windows Events.
  5. On the Please specify criteria page, select Specify criteria, and add two criteria:
    • On the Please specify criteria page, click Add to define the first criterion:
      1. In the Create Criteria dialog box, for the Event ID filtering attribute, select the equals to operator and type 529.

        This event ID indicates a login failure.

      2. For the User filtering attribute, select the contains operator and enter the name of the user that you want to monitor.
      3. Click OK.
    • On the Please specify criteria page, click Add to define the second criterion:
      1. In the Create Criteria dialog box, for the Event ID filtering attribute, select the equals to operator and type 538.

        This event ID indicates that a user logged off.

      2. For the User filtering attribute, select the contains operator and enter the name of the user that you want to monitor.
      3. Click OK.
  6. After completing the wizard, click Finish to create the monitoring policy.