Elemanzer Posted June 4, 2013 Report post Posted June 4, 2013 I made a monitor that send an email to me if someone other than me logs into a server. Security logs Event ID 4624 parameter 9 equals 10 parameter 6 not equal "my username" For the alerting I used $Data/Context/Params/Param[6]$ logged into$Data/Context/Params/Param[12]$ from$Data/Context/Params/Param[19]$ So it'll tell me who and when they logged into the server. I can even kill term services with running a cmd line net stop termservice /y What i would like is one that shows when someone logs into SQL with a service account. Any suggestions? Quote Share this post Link to post Share on other sites More sharing options...
0 AdinE Posted July 9, 2013 Report post Posted July 9, 2013 Elemanzer, are you trying to monitor when an actual users logs into a SQL server (i.e. the actual Windows server) using a Service Account, or when a Service Account connects with/to a SQL Server instance? Also, why did you create a custom monitor to monitor when someone other than you logs into a server, instead of implementing ACS which is much more robust in its data collection/reporting? Quote Share this post Link to post Share on other sites More sharing options...
I made a monitor that send an email to me if someone other than me logs into a server.
Security logs
Event ID 4624
parameter 9 equals 10
parameter 6 not equal "my username"
For the alerting I used
$Data/Context/Params/Param[6]$ logged into
$Data/Context/Params/Param[12]$ from
$Data/Context/Params/Param[19]$
So it'll tell me who and when they logged into the server.
I can even kill term services with running a cmd line net stop termservice /y
What i would like is one that shows when someone logs into SQL with a service account.
Any suggestions?
Share this post
Link to post
Share on other sites