Splunk Enterprise

Can't receive EventID 4625 to my AD

adcom26
Explorer

Hello,

I have a Windows Server 2012 R2 machine that I configured as Active Directory. I created users (user_1, user_2) and added a list of computers (Client_1, Client_2, ...) under the domain.

What I want is: if user_1 fails to log in on client_1, then it sends the event code 4625 to the AD machine.

 


Richfez
SplunkTrust

This does not appear to be a Splunk question and we're unlikely to be able to help you in any great detail on this problem.

A hint though -

Your answer will most likely be found in some Microsoft docs or forums involving Active Directory. From what I know, if you are trying to log into a domain account on a domain-joined PC, it's very difficult to make the failed logins not show up. So something's either seriously wrong, or you are just "doing the wrong thing", like not using a domain-joined PC and using a domain account.

 
