IP address in security event log?

[Dario]

hi all,
on my win2k Adv Server i noticed a lot of 529 event id
like this:
Logon Failure:
Reason: Unknown user name or bad password
User Name: Administrator
Domain: JULIETTE
Logon Type: 3
Logon Process: NtLmSsp
Authentication Package: NTLM
Workstation Name:JULIETTE

I'd like that windows will be able to log the ip address,
not just the name of the domain. Is it possible to do it?
Thanks, Dario

 

[Keith W. McCammon]

I'd like that windows will be able to log the ip address,

not just the name of the domain. Is it possible to do it?
Thanks, Dario

Not that I'm aware. I dump all of my security logs to a DB, and just
perform a lookup using Perl against the fields.

 

[Steven L Umbach]

Not consistently - Windows 2003 is supposed to have fixed that. Look
into using something like Sygate Pro personal firewall. It is worth if for
it's logging alone and you can shut down the firewall. Then you can
correlate failures in the security log to events in the firewall log by
time. It also has a backtrace function. You can download and try it for
free. -- Steve