Refine your search:

Search query login

-2

Hi all, i need to do a query about the number of login failed and succeeded in a time period. I'm auditing linux and windows machines. Thanks

asked 03 Aug '10, 09:26

pinzer's gravatar image

pinzer
554121
accept rate: 0%

2 Answers:
oldestnewestmost voted
0

Hi,

The Splunk for *NIX app that ships with the Linux versions has the queries "Successful User Logins" and "Failed Logins" built in (under the Users menu). Would that be sufficient? Just load Splunk, Enable the *NIX app and configure it.

link

answered 03 Aug '10, 09:35

stephanbuys's gravatar image

stephanbuys
398311
accept rate: 8%

0

Are you trying to gather this information from the Windows Event logs and the syslogs from the *nix machines?

Brian

link

answered 31 Aug '10, 11:55

Brian%20Osburn's gravatar image

Brian Osburn
1811221
accept rate: 23%

Post your answer
toggle preview

Follow this question

Log In to enable email subscriptions

RSS:

Answers

Answers + Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "Title")
  • image?![alt text](/path/img.jpg "Title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

learn more about Markdown

Tags:

×1,640
×278
×112
×91

Asked: 03 Aug '10, 09:26

Seen: 2,294 times

Last updated: 12 Oct '10, 14:23

Related questions

Is it possibly to log a user in to Splunk automatically without setting enable_insecure_login to true and sending the user/password as query params?

Help on query for user login info.

User last login date

Search query for multiple login done by more than one pc

sub-search search query

Login in MS-DOS

5 and above login failures

How can I get a connected account at present?

Alerting on Failed Login Events

Copyright © 2005-2012 Splunk Inc. All rights reserved.