EventsManager 8.1 ReportPak

 
EventsManager 8.1 ReportPak - 12.Aug.2008 12:07:36 PM   
KenEric

 

I set up a scheduled report for Failed Logons. I indicated that I wanted to see the last seven days and I scheduled the report to run weekly every Sunday at 11:59:59pm. I ran this report last Sunday (Aug 10, 2008).

I have a few issues:

  1. The date filter appears as 8/5/2008 12:00:00am to 8/11/2008 11:59:59PM
  2. The Report was generated on 11 Aug 2008 0:00

I'm not sure how I can get information from a day that has not occurred (Aug 11, 2008). Also, the data for Aug 4th is not included in the report. Actually, I could consider this a potential security gap.

Please advise


In the Failed Logon report, a message "Pre-authentication failed" is shown. Please advise what this means and how I can suppress it.




_____________________________

Regards,

Ken
Post #: 1
RE: EventsManager 8.1 ReportPak - 13.Aug.2008 9:28:59 AM   
DrewE

 

Would you please let us know if you see different results scheduling this report for 11:45pm?

_____________________________

Drew Easley - Technical Support Representative
GFI Software - www.gfi.com

(in reply to KenEric)
Post #: 2
RE: EventsManager 8.1 ReportPak - 15.Aug.2008 12:03:33 PM   
KenEric

 

As suggested, the report was generated at 23:55.


Report title: User account management
Generated on: 14-Aug-2008 23:55
Date filter: 8/8/2008 12:00:00AM to 8/14/2008 11:59:59PM.

Based on the parameters, this encompasses the last 7 days' activity.
 
With reference to my second question:

In the Failed Logon report, a message "Pre-authentication failed" is shown. Please advise what this means and how I can suppress it.

Do you have a response?
 
Thanks
 
 
 


_____________________________

Regards,

Ken

(in reply to DrewE)
Post #: 3
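
Added example (not part of the original thread and not GFI code): a Python check for days that fall between consecutive weekly report windows. It assumes the window is the generation date plus the six days before it, which is inferred only from the two reports quoted above; the function names and the Aug 3 run times are constructed for illustration.

```python
from datetime import date, datetime, timedelta


def report_window(generated_at, days=7):
    """Return (first_day, last_day) covered by a report.

    Assumption inferred from the thread: the window ends on the calendar
    date the report was generated and spans `days` whole days.
    """
    last_day = generated_at.date()
    first_day = last_day - timedelta(days=days - 1)
    return first_day, last_day


def uncovered_days(run_times, days=7):
    """List calendar days that no report in the series covers."""
    windows = sorted(report_window(t, days) for t in run_times)
    missing = []
    covered_until = windows[0][1]
    for first_day, last_day in windows[1:]:
        day = covered_until + timedelta(days=1)
        while day < first_day:  # days skipped between two windows
            missing.append(day)
            day += timedelta(days=1)
        covered_until = max(covered_until, last_day)
    return missing


# Constructed schedules: the Aug 3 runs are hypothetical; the Aug 11 00:00
# generation time is the one reported in post #1.
ON_TIME = [datetime(2008, 8, 3, 23, 59, 59), datetime(2008, 8, 10, 23, 59, 59)]
SLIPPED = [datetime(2008, 8, 3, 23, 59, 59), datetime(2008, 8, 11, 0, 0, 0)]
EARLIER = [datetime(2008, 8, 3, 23, 55), datetime(2008, 8, 10, 23, 55)]

if __name__ == "__main__":
    for name, runs in (("on time", ON_TIME), ("slipped past midnight", SLIPPED),
                       ("scheduled at 23:55", EARLIER)):
        first, last = report_window(runs[-1])
        gaps = [d.isoformat() for d in uncovered_days(runs)]
        print(f"{name}: latest window {first} to {last}, uncovered days: {gaps}")
```

A run that starts one second before midnight and is stamped the next day shifts the whole window forward, so the day at the start of the intended week appears in no report.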
RE: EventsManager 8.1 ReportPak - 20.Aug.2008 9:11:24 AM   
DrewE

 

Pre-authentication failures can also be a sign of failed logins by users. There is more information on this type of event here: http://www.windowsecurity.com/articles/Kerberos-Authentication-Events.html and in particular the "Kerberos and the Windows Security Log" section.

_____________________________

Drew Easley - Technical Support Representative
GFI Software - www.gfi.com

(in reply to KenEric)
Post #: 4