VMware Cloud Community
eugenea
Contributor

Is there a way to include the Host IP (Source IP or Hostname) in the Log Insight User Alerts?

Hi Chaps,

I set up an alert to notify me via email whenever an RDP event log is created.

This alert is working, though what I am figuring out now is how to include the exact Source IP of that RDP session.

What's included in the alert is the "Network Address" of that endpoint.

E.g., I RDP into 10.1xx.10.40, and it only shows the Network Address in the alert, which is 10.1xx.10.1.

Here's the actual email alert:

_________________________________________________________

This alert is about your Log Insight installation on https://x.x.x.x/
Log Insight found the following 1 event matching the criteria for alert "A successful Windows RDP login was detected":
Remote Desktop Services: User authentication succeeded:

User: user1

Domain: domain1
Source Network Address: 10.1xx.10.1

Note: To avoid raising duplicate alerts, this alert will now be snoozed for the next 5 minutes (the search period for this alert).

_________________________________________________________

I have been searching online and going through the vRLI GUI one section at a time (including the User Alert settings), though I can't seem to find where to configure this.

Any assistance will be greatly appreciated!
Thanks mates!

Sincerely,

Eugene
