I have applications that log login events as multiple events.
[07B0:007E-19E8] 2021.03.17 11:59:01 Opened session for User Name/HEXP/HU (Release 8.0.2FP6) [07B0:007E-19E8] 2021.03.17 11:59:01 ATTEMPT TO ACCESS SERVER by User Name/HEXP/HU was denied [07B0:007E-1408] 2021.03.17 11:59:01 Closed session for User Name/HEXP/HU Databases accessed: 0 Documents read: 0 Documents written: 0
This is an unsuccessful login event.
when the login is successful, only the first event is logged. I can connect these events with transaction, which is ok for some reporting purposes. But if I use transaction then I can't tag these events and I can't make the logs CIM compliant.
Is there a way to handle these kind of situations? Or it is not possible to tag these kind of events correctly?