Help Center> Host Security Service (New)> FAQs> Abnormal Logins> How Do I Know Whether an Intrusion Succeeded?
Updated on 2024-03-25 GMT+08:00

How Do I Know Whether an Intrusion Succeeded?

  • If you have enabled alarm notifications for intrusion detection, you will be notified immediately when an account is cracked or may be cracked.
  • You can also check whether attack IP addresses are blocked on the Detection page.
  • To further determine the details, perform the following steps:
    • Linux

      For Linux servers, you can view logs in /var/log/secure and /var/log/message directories, or run the last command to check whether there are abnormal login records.

    • Windows
      To view server login logs, perform the following steps:
      1. Open Control Panel.
      2. Choose Administrative Tools > Event Viewer. The Event Viewer page is displayed.
      3. In the navigation tree on the left, choose Windows Logs > Security. The Security page is displayed.
      4. In the navigation tree on the right, choose Security > Filter Current Log. The Filter Current Log dialog box is displayed.
      5. On the Filter tab, locate the <All Event IDs>.
      6. Enter the login event ID and click OK to filter the target login events.
        • 4624: ID of successful login events
        • 4625: ID of failed login events

Abnormal Logins FAQs

more