
How to correlate different logs

Hi,

I want help from you. I am getting logs of a single user logging on to the network from multiple hosts at the same time.

I am getting all successful logons with host name, but I want to see one user with multiple hosts in one report.

Can anyone help me?


Hi Hassan Rizvi,

If your requirement is simply for reports, you can do that in a simple way with ordering and the Group By method.

I know this still doesn't meet your requirement. I hope it will be of a little help.

Thanks and Regards,

Balahasan.V


Hi Hasan,

You can create a simple rule as well.

Condition:

eventID =

deviceproduct =

deviceVendor =

and any other field, if you wish, which uniquely defines the logon events (I am not sure which device or platform you are asking about).

Correlation:

No. of Matches # <No.> (Ideally should be two, as one user is not supposed to log in from more than one host, but it depends upon your need)

If the below field is unique

HostName or

IP address of the logged in device

If the below field is ideal

user name

Action:

As you wish, notification, case or active list etc.

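The rule outlined in the last reply, read here as "same user name, distinct host names, at least two matches", written out as an added Python example; it is not code from the thread or from any SIEM product. The five-minute window, the `(timestamp, user, host)` event layout, the function names and the sample events are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample of successful-logon events: (timestamp, user name, host name).
SAMPLE_EVENTS = [
    ("2024-01-10T09:00:00", "alice", "WS-01"),
    ("2024-01-10T09:01:30", "bob", "WS-02"),
    ("2024-01-10T09:02:10", "alice", "WS-07"),  # second host inside the window
    ("2024-01-10T09:03:00", "alice", "WS-07"),  # repeat logon, same host
    ("2024-01-10T09:20:00", "bob", "WS-09"),    # earlier bob logon has aged out
    ("2024-01-10T09:21:00", "alice", "WS-01"),
    ("2024-01-10T09:22:00", "alice", "WS-03"),
    ("2024-01-10T09:23:00", "alice", "WS-05"),
]


def correlate_logons(events, window=timedelta(minutes=5), min_hosts=2):
    """Alert when one user name logs on to >= min_hosts distinct hosts within window."""
    recent = defaultdict(deque)  # user -> (time, host) pairs still inside the window
    alerts = []
    for stamp, user, host in sorted(events):  # ISO timestamps sort chronologically
        now = datetime.fromisoformat(stamp)
        seen = recent[user]
        while seen and now - seen[0][0] > window:
            seen.popleft()  # drop logons older than the window
        is_new_host = all(h != host for _, h in seen)
        seen.append((now, host))
        hosts = sorted({h for _, h in seen})
        # Fire only when this event adds a host, so repeat logons do not re-alert.
        if is_new_host and len(hosts) >= min_hosts:
            alerts.append({"user": user, "time": stamp, "hosts": hosts})
    return alerts


def hosts_per_user(alerts):
    """Report view: one row per user listing every host that appeared in an alert."""
    report = defaultdict(set)
    for alert in alerts:
        report[alert["user"]].update(alert["hosts"])
    return {user: sorted(hosts) for user, hosts in report.items()}


if __name__ == "__main__":
    found = correlate_logons(SAMPLE_EVENTS)
    for alert in found:
        print(alert)
    print(hosts_per_user(found))
```

Shared service accounts and users who legitimately work on a terminal server plus a workstation will trip this logic, so an exclusion list or a higher `min_hosts` for those names keeps the report usable.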