MonitorWare Knowledge Base

Hello,

a few days one of your supporters wrote me the following configuration steps. I got some questions to these steps:

the questions are under the steps, marked with an >> in the beginning

thanks in adavance,

Alex



Dear Alexander Wied,

You dont see these events in the Windows Event Log becuase most probably you are not auditing them. Following are the steps that you need to do to achieve the desired goal:

1. Audit the events for all those actions that you have mentioned in your mail.

>>How do i do that?

2. Find the event id corresponding to these events. I can help you in this regard so here are the event ids corresponding to the actions



a) Event Id for "User Account Created" is 624

b) Event Id for "User Account Deleted" is 630

c) Event Id for "User Account Locked out" is 644

d) Event Id for "User Right Assigned" is 608

e) Event Id for "User Right Removed" is 609



3. Once you have done this, simply right click on the RuleSet node in the tree view of MonitorWare Agents Client. You will see a menu that says "Import from XML file". Click on it and select the attached file.

>> there is no menu that says "import from XML" file ...and we are using >>winsyslog, is there anything to do there?

4. You will see a new rule set added in the tree view. Since only one rule set can be binded to a particular service, make sure that you include the rule defined in this rule set to the one that you have already defined (the one that is binded to the service(s) )



5. Make sure to change the settings in the "Send Email" Action becuase the rule that i am sending you contains the default settings



I hope you will find these steps helpful. If you still have any query, feel free to ask.



Best Regards,



Wajih-ur-Rehman

Adison





----- Original Message -----

From:Alexander Wied

To:support@adiscon.com

Sent:Wednesday, April 02, 2003 5:39 PM

Subject:creating specific filter rules in Winsyslog for user creation/deletion



Hello,



we are using Eventreporter in combination with Winsyslog and want to configure the filter rules in Winsyslog.

We want Winsyslog to send an Email each time a certain Event happens. Sending Emails itself works fine.

We tried to configure the rules so they apply to our criteria’s, but there has been no way to figure out how some of these filters have to be set.

We want to receive an Email each time a User on the WINNT 4 Server Eventreporter runs on, is created, deleted or locked.

We want to receive an Email each time the rights of a User are changed or he is added to another Group.

How do I set filters for these events, for though I found nothing in the normal Windows NT Log that indicates something of these administrative activities.



Thanks in Advance,



Alexander Wied

Mikroplan GmbH
Kompetenz in EDV
Alexander Wied
Starkenburger Straße 54-56

60386 Frankfurt am Main
Germany

eMail: awi@mikroplan.com
Homepage: http://www.mikroplan.com
Telefon: +49-(0)69-941777-0
Telefax: +49-(0)69-941777-77

ok, i got it on myself, without importing the xml rule, but with a little figuring out the events with the interactive winsyslog server - a really great tool for just recording the events you want.

by the way, is there any possibility to change the format of the mails one receives from winsyslog?

Alex wrote:by the way, is there any possibility to change the format of the mails one receives from winsyslog?

Unfortunately not with the current version. The next release will support free-format mail messages. There you can select whatever mail text you intend to use.

The new functionality will probably be available as a beta within the next 4 weeks (no promise ).

Rainer Gerhards
Adiscon