Resource check profile - Monitor Windows event logs and Linux syslogs
Track server resources such as Windows event logs and Linux syslogs to monitor specific events and strengthen your server's security.
Internet-facing systems constantly confront the risk of security hacks and data theft. While you're monitoring key performance metrics of your servers, keeping an eye out for security incidents is also necessary.
This can be achieved through event log monitoring for Windows servers, and syslog monitoring for Linux servers.
A server monitoring agent is required to start monitoring your event logs and syslogs. Navigate to Server - Server Monitor - Servers - Choose the appropriate platform, and download the agent to your server.
Once the installation is complete, you'll see the performance metrics by navigating to the Server tab and choosing the appropriate monitor.
Let's say you want to record failed login attempts and be alerted to them, so that you can spot unauthorized login attempts and prevent data theft.
Navigate to the Checks tab and choose Windows Event Logs. Provide the following information:
Log Rule Type - Windows
Event Log Name - Security
Event Severity - Information
Event ID - 4625
Source - Microsoft Windows Security
Use Advanced Configuration to define the number of times an event needs to occur before an alert is triggered.
You can also associate this Resource Check Profile with other servers to track events on them. Click Add Check. You can add similar checks to track user logon or logoff, system restart, and more.
Once the resource checks are added, edit the server monitor and toggle yes to receive an alert when a resource check fails.
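To confirm that a server is actually recording the events this check watches for, the following PowerShell queries the Security log for Event ID 4625 and groups recent failures by account and source address. It is an added example, not Site24x7 code; the 15-minute window and the threshold of 5 are assumed values.

```powershell
# Added example: count failed logons (Event ID 4625) in the Security log and
# list account/source pairs that reach a threshold within a recent window.
# $WindowMinutes and $Threshold are assumed values; adjust to match your check.
# Reading the Security log requires an elevated (administrator) session.
$WindowMinutes = 15
$Threshold     = 5

$filter = @{
    LogName   = 'Security'
    Id        = 4625
    StartTime = (Get-Date).AddMinutes(-$WindowMinutes)
}

# Get-WinEvent raises an error when nothing matches, so treat that as empty.
$events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue)

if ($events.Count -eq 0) {
    # No events can also mean logon auditing is off. Check it with:
    #   auditpol /get /subcategory:"Logon"
    Write-Output "No 4625 events in the last $WindowMinutes minutes."
}
else {
    $rows = foreach ($e in $events) {
        # Read named fields from the event XML rather than positional indexes.
        $data = @{}
        foreach ($d in ([xml]$e.ToXml()).Event.EventData.Data) {
            $data[$d.Name] = $d.'#text'
        }
        [pscustomobject]@{
            TimeCreated = $e.TimeCreated
            Account     = $data['TargetUserName']
            SourceIp    = $data['IpAddress']
            LogonType   = $data['LogonType']
        }
    }

    # One row per account/source pair that met the threshold, busiest first.
    $rows | Group-Object Account, SourceIp |
        Where-Object { $_.Count -ge $Threshold } |
        Sort-Object Count -Descending |
        Select-Object Count, Name, @{
            n = 'LastSeen'
            e = { ($_.Group | Measure-Object TimeCreated -Maximum).Maximum }
        }
}
```

If the query returns rows but the monitor never alerts, compare the occurrence count set under Advanced Configuration with the counts shown here.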
Now you can track any critical events in your production environment and secure your servers. Try Site24x7 now!