Monitoring Windows Event Logs
In a continuation of our theme this month of cost-saving yet effective monitoring techniques, we're going to look at a problem brought to me by a customer in Singapore that we solved with event log monitoring. In our example, the admin spends a lot of time on the phone with users who've locked themselves out of their accounts. Fixing these problems quickly is a priority. In a large, distributed environment, managing domain user security issues can be a challenge. Users lock themselves out of their accounts, they log in where they shouldn't, accounts expire and get disabled, systems shut down and start up, logon services fail, and many more events are recorded in security event logs that can grow to be extremely large. Unfortunately, parsing huge event logs remotely can be both time-consuming and resource-intensive when standard protocols, such as WMI, are used to query for events. Trying to parse the security log with its many thousands of security audits becomes impractical when WMI queries start to take from 3 to 20 minutes to complete.
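As an added example (not code from the original post), the lockout case above can be handled without walking the whole Security log: the hashtable filter in Get-WinEvent is evaluated by the Event Log service on the target host, so only the matching records cross the wire, unlike a Win32_NTLogEvent WMI query that retrieves every record and filters client-side. The domain controller name is a placeholder, and the caller is assumed to have rights to read that host's Security log.

```powershell
# Added example, not part of the original post. Queries account-lockout audits
# (Security event ID 4740, written by the domain controller that processed the
# lockout) using a server-side filter instead of a full WMI log walk.
# Assumes: $DomainController is reachable and the caller may read its Security log.
function Get-RecentLockouts {
    param(
        [string]$DomainController = 'dc01.example.com',  # placeholder host name
        [int]$Hours = 24
    )
    $filter = @{
        LogName   = 'Security'
        Id        = 4740
        StartTime = (Get-Date).AddHours(-$Hours)
    }
    try {
        $events = Get-WinEvent -ComputerName $DomainController -FilterHashtable $filter -ErrorAction Stop
    } catch {
        # Get-WinEvent throws rather than returning an empty set when nothing matches
        if ($_.Exception.Message -match 'No events were found') { return @() }
        throw
    }
    foreach ($e in $events) {
        # Read the named EventData fields from the event XML rather than relying on
        # positional Properties[] indexes, which differ between event IDs.
        $xml  = [xml]$e.ToXml()
        $data = @{}
        foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
        [pscustomobject]@{
            Time             = $e.TimeCreated
            LockedAccount    = $data['TargetUserName']
            CallerComputer   = $data['TargetDomainName']  # for 4740 this field holds the source host
            DomainController = $e.MachineName
        }
    }
}

# Usage: lockouts recorded in the last 4 hours, newest first
Get-RecentLockouts -Hours 4 | Sort-Object Time -Descending | Format-Table -AutoSize
```

The CallerComputer column is what the help desk needs first: it points at the workstation, service, or mapped drive still presenting stale credentials, which is usually why the same user keeps locking out.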