Analyze Windows failed login events with a custom log view

Use NetCrunch to monitor and display failed logon activity on all Windows machines in your network by monitoring the Windows Event Log.

The NetCrunch Event Log lets you create views for the types of events you want to analyze, so that only the selected events are filtered and displayed. In this example, we will look at Windows failed logon entries.

  1. In the NetCrunch Event Log, go to the History tab.
  2. To edit the view, click the cogwheel icon.

  3. Click < Add Condition > and in the Expression field, select Event ID is equal to 4625.

  4. Click the Apply button. Now only events matching this filter will appear in the new Event Log view.

  5. To keep the view of Windows failed logon entries for future analysis, click Save As.., type a name for the view, e.g. Windows Failed Logons, and click Save.

  6. Now you don't have to type the filter expression each time you want to see failed logon entries. Just expand the drop-down menu and choose the saved view. You can also set the date range or resolution.

  7. To learn how to track Windows Event Log entries, refer to the Microsoft Support article "Description of security events in Windows 7 and in Windows Server 2008 R2".
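
The events selected by the Event ID 4625 filter can also be summarized outside the GUI. The following is an added example, not NetCrunch code or part of the original article: it parses events in the standard Windows Event XML layout, keeps only Event ID 4625, and counts failures per source address. The sample events, account names, addresses and the threshold are constructed assumptions.

```python
import xml.etree.ElementTree as ET
from collections import Counter

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

def _event(event_id, user, ip, logon_type, sub_status="0xc000006a"):
    # Build one constructed event in the Windows Event XML layout.
    return (
        '<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">'
        f"<System><EventID>{event_id}</EventID></System><EventData>"
        f'<Data Name="TargetUserName">{user}</Data>'
        f'<Data Name="LogonType">{logon_type}</Data>'
        f'<Data Name="SubStatus">{sub_status}</Data>'
        f'<Data Name="IpAddress">{ip}</Data>'
        "</EventData></Event>"
    )

# Constructed sample data (documentation IP ranges, made-up account names).
SAMPLE_EVENTS = (
    [_event(4625, f"user{i}", "203.0.113.7", 3) for i in range(4)]
    + [_event(4625, "alice", "198.51.100.20", 10),
       _event(4624, "alice", "198.51.100.20", 10),  # successful logon, filtered out
       _event(4625, "svc-backup", "-", 5, "0xc0000072")]  # local failure, no source IP
)

def parse_failed_logon(xml_text):
    """Return the fields of a 4625 event, or None for any other Event ID."""
    root = ET.fromstring(xml_text)
    if root.findtext("e:System/e:EventID", namespaces=NS) != "4625":
        return None
    data = {d.get("Name"): (d.text or "") for d in root.iterfind("e:EventData/e:Data", NS)}
    return {"user": data.get("TargetUserName", ""), "ip": data.get("IpAddress", "-"),
            "logon_type": int(data.get("LogonType", 0)), "sub_status": data.get("SubStatus", "")}

def summarize(events, threshold=3):
    """Count failures per source and list sources failing against many accounts."""
    failed = [f for f in map(parse_failed_logon, events) if f]
    per_ip = Counter(f["ip"] for f in failed)
    users_per_ip = {}
    for f in failed:
        users_per_ip.setdefault(f["ip"], set()).add(f["user"])
    many = sorted(ip for ip, users in users_per_ip.items()
                  if ip != "-" and len(users) >= threshold)
    return {"total": len(failed), "per_ip": dict(per_ip), "many_accounts": many}

if __name__ == "__main__":
    print(summarize(SAMPLE_EVENTS))
```

A single source failing against several different accounts is worth reviewing separately from repeated failures on one account, which is why the summary reports both.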
