How to correlate different logs
I want help from you. I am getting logs of single user logging on to network from multiple host at a same time.
I am getting all successful logon with host name but I want to see one user with multiple host in one report.
Can anyone help me.
Hi Hassan Rizvi,
If Your Requirement is Simply for Reports. You can do that in simple way of ordering and Group By Method.
I know your Requirement Still does't Meet.I Hope it will be of Little Help.
Thanks and Regards,
You can create a simple rule as well.
and any other field if you wish which uniquely defines the logon events (I am not sure which device or platform your are asking about).
No. of Matches # <No.> (Ideally should be two as one user is not supposed to login from more than one host, but depends upon your need)
If the below field is unique
IP address of the logged in device
If the below field is ideal
As you wish, notification, case or active list etc.