This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(64, 5%, 16%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESR%3C/text%3E%3C/svg%3E)
We have to monitor a logon timestamp or the user details, whoever logs into the server to be triggered via alert from SCOM- when someone logs into the server we would need to be the alert triggered.
Please help us here...
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(233.6, 30%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECM%3C/text%3E%3C/svg%3E)
@Shiva Ravichandran ,Hope everything is going well. I am writing to see if there's anything unclear with the information we provided . If yes, feel free to let us know.
Thanks and have a nice day!
If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
I think you can try enabling auditing on user account and create a monitor or rule based on the related events. For details, please refer to:
How to Create a Simple Windows Event Unit Monitor
https://social.technet.microsoft.com/wiki/contents/articles/51547.scom-monitor-a-specific-windows-event.aspx
Windows Event ID 4624 – Successful logon
https://www.manageengine.com/products/active-directory-audit/kb/windows-security-log-event-id-4624.html#:~:text=Event%20ID%204624%20(viewed%20in,4625%20documents%20failed%20logon%20attempts.
Roger
@Shiva Ravichandran ,Agree with Roger, For our request, the main steps are as below:
For the parameters in the two events, here are the links for the reference:
https://www.windows-security.org/windows-event-id/4624-an-account-was-successfully-logged-on
https://www.windows-security.org/windows-event-id/4625-an-account-failed-to-log-on
Note: Non-Microsoft link, just for the reference.
Hope it can help.
If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.