Eventlog authentication activity for each remote host

Eventlog authentication activity for each remote host

Can someone describe for me the login and authentication activity associated with the Eventlog software? Reports visualize login and authentication activity under the "service" account name used for polling (if your configuration is for the default 10 minute polling, then it will authenticate once every 10 minutes)...got that one. However there are activities that reflect what seems to be the PPID owners name or the name of the account for which the software is loaded and executed. In other words, if the software was installed using user account "administrator" then there are authentication records for each monitored host that reflect this credential. What is that and why is that?

      New to M365 Manager Plus?
      New to M365 Manager Plus?
        New to RecoveryManager Plus?
        New to RecoveryManager Plus?
          New to Exchange Reporter Plus?
          New to Exchange Reporter Plus?
            New to SharePoint Manager Plus?
            New to SharePoint Manager Plus?
              See all integrations
              New to ADManager Plus?
              See all integrations
              New to ADManager Plus?

                New to ADSelfService Plus?

                Start your free trial
                Start your free trial



                          Related Products