[GH-ISSUE #66] Feature Request: Failed Logons #1977

New issue

Closed

opened 2026-03-14 01:55:38 +03:00 by kerem · 3 comments

kerem commented 2026-03-14 01:55:38 +03:00

Owner

Copy link

Originally created by @dan578 on GitHub (Aug 25, 2020).
Original GitHub issue: https://github.com/amidaware/tacticalrmm/issues/66

Originally assigned to: @wh1te909, @sadnub on GitHub.

Hi,

I know we can already check the log for event ID's so we can check for failed logon ID's. However it's not really customizable in the sense of 100 failed logon's in 24 hours would trigger the alert. Could this be added?

Thanks for all your work!

Originally created by @dan578 on GitHub (Aug 25, 2020). Original GitHub issue: https://github.com/amidaware/tacticalrmm/issues/66 Originally assigned to: @wh1te909, @sadnub on GitHub. Hi, I know we can already check the log for event ID's so we can check for failed logon ID's. However it's not really customizable in the sense of 100 failed logon's in 24 hours would trigger the alert. Could this be added? Thanks for all your work!

kerem 2026-03-14 01:55:38 +03:00

• closed this issue
• added the
  enhancement
  label

kerem commented 2026-03-14 01:55:55 +03:00

Author

Owner

Copy link

@wh1te909 commented on GitHub (Aug 25, 2020):

hi sorry just trying to understand the new feature, are you asking to be allowed to set a search period less than 24 hours like let's say only search the past 5 minutes of the log?

<!-- gh-comment-id:679871649 --> @wh1te909 commented on GitHub (Aug 25, 2020): hi sorry just trying to understand the new feature, are you asking to be allowed to set a search period less than 24 hours like let's say only search the past 5 minutes of the log?

kerem commented 2026-03-14 01:56:00 +03:00

Author

Owner

Copy link

@dan578 commented on GitHub (Aug 25, 2020):

Hi, No problem I don't think I explained it well!

We would be looking for something like 500 events in 24 hours of the failed logon type.
(Event 4625) Which would be 500 failed logons.

I don't think its currently possible to specify how many of something should be or shouldn't be in the event logs? Just if it exists or doesn't.

Sorry does that make more sense?

Thanks

<!-- gh-comment-id:679873692 --> @dan578 commented on GitHub (Aug 25, 2020): Hi, No problem I don't think I explained it well! We would be looking for something like 500 events in 24 hours of the failed logon type. (Event 4625) Which would be 500 failed logons. I don't think its currently possible to specify how many of something should be or shouldn't be in the event logs? Just if it exists or doesn't. Sorry does that make more sense? Thanks

kerem commented 2026-03-14 01:56:05 +03:00

Author

Owner

Copy link

@wh1te909 commented on GitHub (Aug 25, 2020):

perfect yep makes sense now thanks! ok i'll work on this, will be in the next agent release. i'll update this ticket when it's done so you can test

<!-- gh-comment-id:680218759 --> @wh1te909 commented on GitHub (Aug 25, 2020): perfect yep makes sense now thanks! ok i'll work on this, will be in the next agent release. i'll update this ticket when it's done so you can test

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

develop

master

1.0.0

v1.4.0

v1.3.1

v1.3.0

v1.2.0

v1.1.0

v1.0.0

v0.20.1

v0.20.0

v0.19.4

v0.19.3

v0.19.2

v0.19.1

v0.19.0

v0.18.2

v0.18.1

v0.18.0

v0.17.5

v0.17.4

v0.17.3

v0.17.2

v0.17.1

v0.17.0

v0.16.5

v0.16.4

v0.16.3

v0.16.2

v0.16.1

v0.16.0

v0.15.12

v0.15.11

v0.15.10

v0.15.9

v0.15.8

v0.15.7

v0.15.6

v0.15.5

v0.15.4

v0.15.3

v0.15.2

v0.15.1

v0.15.0

v0.14.8

v0.14.7

v0.14.6

v0.14.5

v0.14.4

v0.14.3

v0.14.2

v0.14.1

v0.14.0

v0.13.4

v0.13.3

v0.13.2

v0.13.1

v0.13.0

v0.12.4

v0.12.3

v0.12.2

v0.12.1

v0.12.0

v0.11.3

v0.11.2

v0.11.1

v0.11.0

v0.10.5

v0.10.4

v0.10.3

v0.10.2

v0.10.1

v0.10.0

v0.9.2

v0.9.1

v0.9.0

v0.8.5

v0.8.4

v0.8.3

v0.8.2

v0.8.1

v0.8.0

v0.7.2

v0.7.1

v0.7.0

v0.6.15

v0.6.14

v0.6.13

v0.6.12

v0.6.11

v0.6.10

v0.6.9

v0.6.8

v0.6.7

v0.6.6

v0.6.5

v0.6.4

v0.6.3

v0.6.2

v0.6.1

v0.6.0

v0.5.3

v0.5.2

v0.5.1

v0.5.0

v0.4.32

v0.4.31

v0.4.30

v0.4.29

v0.4.28

v0.4.27

v0.4.26

v0.4.25

v0.4.24

v0.4.23

v0.4.22

v0.4.21

v0.4.20

v0.4.19

v0.4.18

v0.4.17

v0.4.16

v0.4.15

v0.4.14

v0.4.13

v0.4.12

v0.4.11

v0.4.10

v0.4.9

v0.4.8

v0.4.7

v0.4.6

v0.4.5

v0.4.4

v0.4.3

v0.4.2

v0.4.1

v0.4.0

v0.3.3

v0.3.2

v0.3.1

v0.3.0

v0.2.23

v0.2.22

v0.2.21

v0.2.20

v0.2.19

v0.2.18

v0.2.17

v0.2.16

v0.2.15

v0.2.14

v0.2.13

v0.2.12

v0.2.11

v0.2.10

v0.2.9

v0.2.8

v0.2.7

v0.2.6

v0.2.5

v0.2.4

v0.2.3

v0.2.2

v0.2.1

v0.2.0

v0.1.8

v0.1.7

v0.1.6

v0.1.5

v0.1.4

v0.1.3

v0.1.2

v0.1.1

v0.1.0

Labels

Clear labels   

In Process

  

bug

  

bug

  

dev-triage

  

documentation

  

duplicate

  

enhancement

  

fixed

  

good first issue

  

help wanted

  

integration

  

invalid

  

pull-request

Mirrored from GitHub Pull Request

  

question

  

requires agent update

  

security

  

ui tweak

  

wontfix

No labels

In Process

bug

bug

dev-triage

documentation

duplicate

enhancement

fixed

good first issue

help wanted

integration

invalid

pull-request

question

requires agent update

security

ui tweak

wontfix

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/tacticalrmm#1977

No description provided.