Event 528 as SNMP trap

[bmquiroz]

Hello all,

Trying to figure out how to configure (Event 528, Logon Type 10, Logon Process User32) as an SNMP trap. I am using "Event to Trap Translator" and I would like to send successful "user" logins as an SNMP trap to my NMS machine. The problem is that under "Event to Trap Translator" it shows Event 528 without variables i.e. no logon type, logon process, etc. This logs every sys logon event, services and all. I only want to monitor user local logins. How can accomplish this? Registry hack?

Thanks.

-Sip

 

[Castor66]

You're out of luck on this point, Im afraid. Event to Trap is pretty basic. Any filtering you want to do will need to be done on the SNMP trap receiver end. What exactly do you want to do? Do you want to real-time monitor user logins or do you just want a report on the logins?

For reporting you can use Log Parser to strip out the relevant records either from the SNMP log or from the event log itself.

 

[bmquiroz]

Hi Castor,

Thanks for the reply. I would like to monitor logins in real time via SNMP trap to my NMS machine. The NMS machine would then generate a notification based on event. Should I try a syslog service instead?

Thanks.

-Sip