Hello Harish: One way to deal with this would be to write a perl script to notify (email) you when a certain event shows up in the event logs, like your failed login attempt. If you have no perl experience this could be a bit of a learning curve but one well worth the effort. It's my personal belief that all administrators should automate tasks through scripting.
Anyway, to make it a bit easier here's a reference that shows how to do this very thing... Win32 Perl Scripting: The Administrator's Handbook By Dave Roth. Hope this helps. Kelly Brown Unix System Administrator Ericsson CDMA Systems On Wed, 12 Jun 2002, [iso-8859-1] Harish Gondavale wrote: > Hi, > > We have got a NT domain which is used as a resource > domain. Recently we found that there are few > unsucessful attempts tried with some strange domain > name and user id. (from security eveent logs) > > My question is > > 1. Is there any way to identify these machines - form > where it was tried ? > 2. Is there any way to monitor these servers and alert > generated if any unsucessful attaepmt? ( I know we can > implement IDS and acieve this. But any special tool > for NT other than IDS. Also if IDS is the only > solution then which is the best IDS)? > > Thanks in advance for help. > > Bye. > > Harish > > __________________________________________________ > Do You Yahoo!? > Everything you'll ever need on one web page > from News and Sport to Email and Music Charts > http://uk.my.yahoo.com >
