AuthAnvil Addin does not alert when the events "Monitor Failed AuthAnvil Logons", "Monitor AuthAnvilOverride Password Used", and "Monitor AuthAnvil Override Group Member Logged On", as specified in Configure Agent Alert Settings, occur.
The AuthAnvil Credential Provider is writing to the AAWinLogonCP event log instead of the Application event log. The root cause of this error is still under investigation and is scheduled to be resolved in the next release of the Credential Provider.
The following workaround is currently available for the Kaseya addin to capture the events from the AAWinLogonCP log in Kaseya:
- Log on to Kaseya
- Under Agent -> Event Log Settings, add AAWinLogonCP to the Assigned Event Logs for the affected machines, making sure to capture Warnings.
- Under Monitor -> Event Log Alerts, (Monitor -> Alerts -> Select Alert Function -> Event Log for versions of Kaseya prior to 6.2) set the Event Log Type to AAWinLogonCP, set the event set to one of the following for the affected machines:
- AuthAnvilOverridePasswordSet, with the type Warning for Override Group Used
- AuthAnvilFailedLogonAttemptsSet, with the type Error for Failed AuthAnvil Logons
- AuthAnvilOverrideGroupMemberLoggedOnSet, with the type Warning for AuthAnvil Override Group Member logins.
- Set your alert actions and rearm settings and apply the event set to the affected machines.
AuthAnvil Credential Provider 3.5 and later with AuthAnvil Addin for Kaseya 2 1.0 and later
If you have any questions or need some help, we would be happy to assist. Open a case at kaseya.zendesk.com .