Event Log Monitoring not working

Hi all,

I’ve spent a few hours on this today using various settings. I just can’t get the profile to trigger based on an event ID.
I’m looking for Security event 4625 (unsuccessful login) using “Monitoring” and have “event ID = 4625” set in the conditions. The profile is associated with the machine and set to produce an alert on detection.

My problem is that it just won’t detect. Has anyone else found this? What is the resolution?

@ftechservices ,

We understand that you are having issues with monitoring. Support will get in touch shortly via email support for additional details we might need to investigate why it fails. Have you tried https://scripts.comodo.com/frontend/web/topic/alert-if-the-logs-created-in-specific-event-id?

Hello @ftechservices
Perhaps you might want to give the following script a try if it will serve your needs.
Script for monitoring the user Access report(logon/logoff/logonfailure)

Thanks @RickC. I’m actually working with this one here (https://scripts.comodo.com/frontend/web/topic/alert-if-the-logs-created-in-specific-event-id) which looks like it could do the job. I’ve amended the script so it’s EventID = 4625 and adjusted the PowerShell command (within the code) to look at the “Security” log instead of the “Application” log.

What I’m not 100% with is the piece of code that states " -After (Get-Date).AddMinutes(0) " which I believe is looking for an event created at the current time (and date). What I’m not sure about is that if this custom script is set to run every 15 minutes (as per the recommendation) then surely this needs to be set as " -After (Get-Date).AddMinutes(-15) " so that it’s looking for the event having been generated within the previous 15 minutes.
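The look-back window raised in the post above, as an added example that is not part of the thread or of the Comodo script: it uses Get-WinEvent with a StartTime filter in place of the -After parameter quoted in the post, and records the end of each run so consecutive 15-minute runs leave no gap. The state file path, the function names and the use of a non-zero exit code as the alert signal are assumptions.

```powershell
# Added example: report failed logons (Security event ID 4625) logged since the last run.
# Run elevated; reading the Security log requires administrative rights.
$IntervalMinutes = 15   # polling interval mentioned in the thread
$StateFile = Join-Path $env:ProgramData 'FailedLogonCheck\last-run.txt'   # hypothetical path

function Get-WindowStart {
    # Resume where the previous run stopped; on first run look back one interval.
    if (Test-Path $StateFile) {
        $text = (Get-Content $StateFile -Raw).Trim()
        $style = [System.Globalization.DateTimeStyles]::RoundtripKind
        try { return [datetime]::Parse($text, [cultureinfo]::InvariantCulture, $style) } catch { }
    }
    return (Get-Date).AddMinutes(-$IntervalMinutes)
}

function Get-FailedLogon {
    param([datetime]$Start, [datetime]$End)
    $filter = @{ LogName = 'Security'; Id = 4625; StartTime = $Start; EndTime = $End }
    try {
        $events = Get-WinEvent -FilterHashtable $filter -ErrorAction Stop
    } catch {
        # An empty result is reported as an error; anything else (e.g. access denied) is real.
        if ($_.FullyQualifiedErrorId -like 'NoMatchingEventsFound*') { return }
        throw
    }
    foreach ($e in $events) {
        # Read EventData fields by name rather than by position.
        $data = @{}
        foreach ($d in ([xml]$e.ToXml()).Event.EventData.Data) {
            $data[$d.GetAttribute('Name')] = $d.InnerText
        }
        [pscustomobject]@{
            TimeCreated = $e.TimeCreated
            Account     = '{0}\{1}' -f $data['TargetDomainName'], $data['TargetUserName']
            LogonType   = $data['LogonType']
            SourceIp    = $data['IpAddress']
        }
    }
}

$now = Get-Date
$failed = @(Get-FailedLogon -Start (Get-WindowStart) -End $now)
New-Item -ItemType Directory -Path (Split-Path $StateFile) -Force | Out-Null
$now.ToString('o') | Set-Content $StateFile   # next run starts here, so no gap between runs
if ($failed.Count -gt 0) {
    $failed | Sort-Object TimeCreated | Format-Table -AutoSize | Out-String | Write-Output
    exit 1   # assumption: the monitoring agent treats a non-zero exit code as an alert
}
exit 0
```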

@ftechservices ,

The script will check the event logs every 15 minutes by default. Whenever the event happens, an alert will be generated.

Hello @ftechservices
We reached out to the script developers to check the script that you are testing if improvements can be made on it. Rest assured that we will get back to you once we get word from the team. We appreciate your patience on the matter.

Hi @ftechservices, kindly refer to this script to generate an alert for logging on the script,

https://scripts.comodo.com/frontend/web/topic/generate-an-alert-for-an-account-failed-to-logon

Thank you.

It looks as though the procedure at https://scripts.comodo.com/frontend/web/topic/alert-if-the-logs-created-in-specific-event-id has been updated to take into account my suggestions. Retesting using this script at the moment, all looks good so far! :smiley:

Yep! Everything working well, thanks all for your help.

@ftechservices ,

We thank you for giving us your feedback. We’re glad that our recommendation worked for you.