Monitor unlimited number of servers
Filter log events
Create email and web-based reports

Direct access to Microsoft articles
Customized keywords for major search engines
Access to premium content

Event ID: 671 Source: Security

Source
Description
User Account Unlocked:
Target Account Name: <name>
Target Domain: <domain>
Target Account ID: <ID>
Caller User Name: <name>
Caller Domain: <domain>
Caller Logon ID: (<ID>).
Comments
 
As per Microsoft: "When you reactivate an account that was locked out, Event 671 may be logged two times in the security event log. When this behavior occurs, network traffic may increase slightly in certain circumstances. For example, traffic may increase if you use third-party programs to manage accounts and passwords, because the account management program must process the request to reactivate the account two times". See ME840036 for a hotfix applicable to Microsoft Windows Server 2003.

Windows Event Log Analysis Splunk App

Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to www.eventid.net.

Read more...

 

Cisco ASA Log Analyzer Splunk App

Obtain enhanced visibility into Cisco ASA firewall logs using the free Firegen for Cisco ASA Splunk App. Take advantage of dashboards built to optimize the threat analysis process.

Read more...