LogDNA Windows Security Template

The Template Library documentation has moved

This topic is not up-to-date. View the latest documentation for the Windows Security Template.

Quickly unlock insights and gain visibility into your Windows server with LogDNA Views, Boards, and Screens templates. Interested in other templates? Browse the library here.

What is the LogDNA Windows Security Template?

The Windows Security Template allows you to quickly gain insights into excessive login attempts, audits on cleared logs, or anomalous access patterns. Set up alerts to monitor when unexpected events happen or use our dashboards to get constant visibility into the access patterns of your servers.

Prerequisites

The Windows Security Template requires NXLog to be set up to collect security event logs. Simply uncomment the <Select Path='Security'>*</Select> line in your NXLog config file and restart NXLog to apply changes. See here for more information about our NXLog integration. The Windows Security Template will not work with other integrations such as FluentD.

A screen included in the template showing login attempts and event patterns.

Included in the Windows Security Template

Views

  1. 1102 / Audit log cleared (Recommended to Alert On)
  2. 4616 / System time was changed
  3. 4624 / Successful account log on
  4. 4625 / An account failed to log on
  5. 4634 / An account logged off
  6. 4720 / User account created
  7. 4725 / Disabled account
  8. 4740 / Locked account
  9. 4946 / Firewall exception added
  10. 5025 / Windows Firewall stopped (Recommended to Alert On)
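
The following is an added example, not LogDNA's template or code: it applies the event-ID logic of the Views above to constructed NXLog-style JSON lines, flagging the two IDs the template recommends alerting on and counting 4625 failures per account. The field names (EventID, Channel, TargetUserName), the function name and the threshold are assumptions.

```python
import json
from collections import Counter

# Event IDs and names copied from the template's Views list.
VIEWS = {
    1102: "Audit log cleared", 4616: "System time was changed",
    4624: "Successful account log on", 4625: "An account failed to log on",
    4634: "An account logged off", 4720: "User account created",
    4725: "Disabled account", 4740: "Locked account",
    4946: "Firewall exception added", 5025: "Windows Firewall stopped",
}
ALERT_IDS = {1102, 5025}      # marked "Recommended to Alert On" in the list
FAILED_LOGON_THRESHOLD = 3    # assumed value; tune to your environment

# Constructed sample input: one JSON event per line (field names assumed).
SAMPLE_LINES = [
    '{"EventID": 4625, "Channel": "Security", "TargetUserName": "svc-backup"}',
    '{"EventID": 4625, "Channel": "Security", "TargetUserName": "svc-backup"}',
    '{"EventID": 4625, "Channel": "Security", "TargetUserName": "svc-backup"}',
    '{"EventID": 4625, "Channel": "Security", "TargetUserName": "alice"}',
    '{"EventID": 4624, "Channel": "Security", "TargetUserName": "alice"}',
    '{"EventID": 1102, "Channel": "Security"}',
    '{"EventID": 4688, "Channel": "Security"}',
    'not json',
    '{"EventID": 5025, "Channel": "Security"}',
]

def triage(lines, threshold=FAILED_LOGON_THRESHOLD):
    """Return (alerts, per-view counts, accounts with >= threshold failed logons)."""
    alerts, view_counts, failures = [], Counter(), Counter()
    for line in lines:
        try:
            event = json.loads(line)
            event_id = int(event["EventID"])
        except (ValueError, KeyError, TypeError):
            continue  # skip lines that are not well-formed events
        if event.get("Channel") != "Security" or event_id not in VIEWS:
            continue  # only the Security-channel IDs listed in the Views
        view_counts[event_id] += 1
        if event_id in ALERT_IDS:
            alerts.append((event_id, VIEWS[event_id]))
        elif event_id == 4625:
            failures[event.get("TargetUserName", "<unknown>")] += 1
    noisy = {user: n for user, n in failures.items() if n >= threshold}
    return alerts, dict(view_counts), noisy

if __name__ == "__main__":
    print(triage(SAMPLE_LINES))
```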

Boards

  1. Windows Server Activity
  2. Events Count by Channel
  3. Failed Logins
  4. Successful Logins

Screens

  1. Security log events daily and weekly trends
  2. Distribution of log events by event id
  3. Distribution of log on events by user name
  4. Total successful and failed authentications per week
  5. Total log events per week

Have any feedback or thoughts on our Template Library? Join our forum and let us know!

Unable To See Template Installation Instructions?

If you have an ad blocker enabled, you may not see the configuration tutorial provided. As a workaround, you can whitelist LogDNA in your ad blocker. Alternatively, you can install the Template by downloading the configuration file here. Afterwards, drag it into your import config settings and click "Import". You can find additional docs on importing configurations here.