Hello. I'm struggling to create a report that will show me failed login usernames from Active Dir (Win2K). I can create a report that shows a nice pie graph of 10 users who locked their accounts, but there is no place in the report that tells me which 10 users. I can click on the incidents tab every day and see which users have failed attempts, but it would be nice to have a report showing that the same user has 20 incorrect logins per day etc... Any help would be greatly appreciated.
The tricky part about what you're trying to do is figuring out which event types to include in the query. CSMARS sometimes uses some strange event types. There are even a few that are EXACTLY the same except for the case of a single letter. Otherwise, what you're trying to do is easy. Let's assume you know the event type is "Failed login attempt with invalid username or password". Use a query "results format" of "Reported Users Ranked by Sessions". Change the "events" criteria to report on the event above only. Run the query.
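The per-user ranking described in the reply above, reproduced outside CS-MARS as an added example that is not part of the original thread or of any Cisco tooling. The three-column CSV layout, the function names and the sample rows are assumptions constructed for illustration; event types are compared case-insensitively because of the near-duplicate names the reply mentions.

```python
import csv
import io
from collections import Counter

# Constructed sample rows (timestamp, event type, user); not a real CS-MARS export format.
SAMPLE = """\
2024-03-04T08:01:12,Failed login attempt with invalid username or password,CORP\\jsmith
2024-03-04T08:01:40,Failed login attempt with invalid Username or password,corp\\JSmith
2024-03-04T08:02:05,Failed login attempt with invalid username or password,jsmith@corp.example
2024-03-04T09:15:00,Successful login,CORP\\jsmith
2024-03-04T10:30:21,Failed login attempt with invalid username or password,CORP\\adavis
2024-03-05T07:45:09,Failed login attempt with invalid username or password,CORP\\adavis
2024-03-05T07:45:30,Failed login attempt with invalid username or password,CORP\\adavis
"""

EVENT_TYPES = {"failed login attempt with invalid username or password"}


def normalize_user(raw):
    """Reduce DOMAIN\\user and user@domain to a lowercase account name.
    Assumes a single domain; keep the domain part if names can collide."""
    name = raw.strip()
    if "\\" in name:
        name = name.split("\\", 1)[1]
    if "@" in name:
        name = name.split("@", 1)[0]
    return name.lower()


def rank_failed_logins(text, event_types=EVENT_TYPES, min_count=1):
    """Return [(day, user, count), ...] sorted by day, then count descending."""
    wanted = {e.casefold() for e in event_types}
    counts = Counter()
    for row in csv.reader(io.StringIO(text)):
        if len(row) != 3:
            continue  # skip blank or malformed lines
        timestamp, event_type, user = row
        if event_type.strip().casefold() not in wanted:
            continue  # e.g. successful logins
        counts[(timestamp[:10], normalize_user(user))] += 1
    ranked = [(d, u, n) for (d, u), n in counts.items() if n >= min_count]
    return sorted(ranked, key=lambda r: (r[0], -r[2], r[1]))


if __name__ == "__main__":
    for day, user, count in rank_failed_logins(SAMPLE):
        print(f"{day}  {user:<10} {count}")
```

Raising `min_count` turns the ranking into a daily threshold report, for example only accounts with 20 or more failures.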
We have configured the outside and inside interfaces with official IPv6 addresses, set a default route on the outside interface to our router, and we have also defined a rule, which also gets hits, to permit TCP from the inside interface to any6.
In Syslog I also se...