How about just using the Event to SNMP Trap Translator (SMS version 1.2 or higher and built into 2000)?
Also check out http://support.microsoft.com/default.aspx?scid=kb;en-us;Q318464 -----Original Message----- From: Kelly Brown [mailto:[EMAIL PROTECTED]] Sent: Thursday, June 13, 2002 7:36 PM To: Harish Gondavale Cc: [EMAIL PROTECTED] Subject: Re: NT Domain - unsucessful login attepmts Hello Harish: One way to deal with this would be to write a perl script to notify (email) you when a certain event shows up in the event logs, like your failed login attempt. If you have no perl experience this could be a bit of a learning curve but one well worth the effort. It's my personal belief that all administrators should automate tasks through scripting. Anyway, to make it a bit easier here's a reference that shows how to do this very thing... Win32 Perl Scripting: The Administrator's Handbook By Dave Roth. Hope this helps. Kelly Brown Unix System Administrator Ericsson CDMA Systems On Wed, 12 Jun 2002, [iso-8859-1] Harish Gondavale wrote: > Hi, > > We have got a NT domain which is used as a resource > domain. Recently we found that there are few > unsucessful attempts tried with some strange domain > name and user id. (from security eveent logs) > > My question is > > 1. Is there any way to identify these machines - form > where it was tried ? > 2. Is there any way to monitor these servers and alert generated if > any unsucessful attaepmt? ( I know we can implement IDS and acieve > this. But any special tool for NT other than IDS. Also if IDS is the > only solution then which is the best IDS)? > > Thanks in advance for help. > > Bye. > > Harish > > __________________________________________________ > Do You Yahoo!? > Everything you'll ever need on one web page > from News and Sport to Email and Music Charts http://uk.my.yahoo.com >
