Files

qiaoli 8ac860f1c4 HSS UMN 20240730 version

Reviewed-by: Rogal, Marcel <mrogal@noreply.gitea.eco.tsi-dev.otc-service.com>
Co-authored-by: qiaoli <qiaoli@huawei.com>
Co-committed-by: qiaoli <qiaoli@huawei.com>

2024-12-19 12:07:54 +00:00

3.8 KiB

Raw Permalink Blame History

How Do I Know Whether an Intrusion Succeeded?

If you have enabled alarm notifications for intrusion detection, you will be notified immediately when an account is cracked or may be cracked.
You can also check whether attack IP addresses are blocked on the Intrusion Detection page.
To further determine the details, perform the following steps:
- Linux
  For Linux servers, you can view logs in /var/log/secure and /var/log/message directories, or run the last command to check whether there are abnormal login records.
- Windows
  To view server login logs, perform the following steps:
  1. Open Control Panel.
  2. Choose Administrative Tools > Event Viewer. The Event Viewer page is displayed.
  3. In the navigation tree on the left, choose Windows Logs > Security. The Security page is displayed.
  4. In the navigation tree on the right, choose Security > Filter Current Log. The Filter Current Log dialog box is displayed.
  5. On the Filter tab, locate the <All Event IDs>.
    Figure 1 Filter
  6. Enter the login event ID and click OK to filter the target login events.
    - 4624: ID of successful login events
    - 4625: ID of failed login events

Parent topic: Abnormal Logins

3.8 KiB Raw Permalink Blame History

How Do I Know Whether an Intrusion Succeeded?

3.8 KiB

Raw Permalink Blame History