Splunk Enterprise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

can't recive EventID 4625 to MY AD

adcom26
Explorer
‎08-26-2020 04:40 AM

hello,

I Have a machine Windows server 2012 r2, I configure as Active directory, and I create a user (user_1, user_2) and I add a list of computers (Client_1, Client_2,...) under the domain

what I want is if a user_1 is fail to log in,  the client_1, then it sends the event code 4625 to the AD machine 

 

Labels (2)
Labels
Tags (1)
0 Karma
Reply

Richfez
SplunkTrust
SplunkTrust
‎08-26-2020 08:19 AM

This does not appear to be a Splunk question and we're unlikely to be able to help you in any great detail on this problem.

A hint though -

Your answer will be found most likely in some Microsoft docs or forums involving Active Directory.  From what I know, if you are trying to log into a domain account on a domain joined PC, it's very difficult to make the failed logins not show up.   So something's either seriously wrong, or you are just "doing the wrong thing" like not using a domain joined pc and using a domain account.

 

0 Karma
Reply
Get Updates on the Splunk Community!

Announcing Scheduled Export GA for Dashboard Studio

We're excited to announce the general availability of Scheduled Export for Dashboard Studio. Starting in ...

Extending Observability Content to Splunk Cloud

Watch Now!   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to leverage ...

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!

What if there was a way you could keep all the metrics data you need while saving on storage costs?This is now ...