Windows eventlog monitoring

  • Ragdaj
    Junior Member
    • Sep 2011
    • 3

    #1

    Windows eventlog monitoring

    We have Exchange 2010 with OWA, and sometimes someone is trying to brute-force it. There are a lot of errors "Audit Failure - An account failed to log on." (ID 4625) in the Security eventlog, ~50 in one minute.

    We have Zabbix 1.8.6. Help me, please: which Item and Trigger do I have to create so that, in case I have more than 40 errors in one minute with ID 4625, an e-mail will be sent?

    Thank you in advance.
  • frater
    Senior Member
    • Oct 2010
    • 340

    #2
    I thought it was interesting to know too, so I looked into it and created this item:

    Code:
    eventlog[Security,,,,4625]
    I have modified the template "Windows_Logging" and added the item and a trigger. The trigger now merely gives the message that such an error occurs....

    You should continue working on it and of course give feedback here.....
    I think I gave you a good start.
    Attached Files
    Zabbix agents on Linux, FreeBSD, Windows, AVM-Fritz!box, DD-WRT and QNAP


    • Ragdaj
      Junior Member
      • Sep 2011
      • 3

      #3
      Thank you very much. I have created the same item, but could not configure the trigger properly to act only when mass errors occur.
      Last edited by Ragdaj; 02-09-2011, 13:47.


      • frater
        Senior Member
        • Oct 2010
        • 340

        #4
        As I said... I gave you a start.....
        Try to solve it...
        If I have the time I will look into it again.
        I'd like to have it too.....
        Zabbix agents on Linux, FreeBSD, Windows, AVM-Fritz!box, DD-WRT and QNAP
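
Added example, not part of the thread and not written by either poster: the rule asked for in post #1 (more than 40 events with ID 4625 within one minute) as a sliding-window counter in Python, compared with counting per calendar minute, which misses a burst that straddles a minute boundary. The function names and the sample events are constructed for illustration; this is not Zabbix trigger syntax.

```python
from collections import deque
from datetime import datetime, timedelta

FAILED_LOGON_ID = 4625          # event ID from the thread
THRESHOLD = 40                  # "more than 40 errors"
WINDOW = timedelta(seconds=60)  # "in one minute"


def detect_bursts(events, threshold=THRESHOLD, window=WINDOW):
    """Timestamps where the sliding-window count first exceeds threshold (one per burst)."""
    recent, alerts, alarmed = deque(), [], False
    for ts, event_id in events:          # events must be sorted by time
        if event_id != FAILED_LOGON_ID:
            continue
        recent.append(ts)
        # Drop failures that have fallen out of the window ending at ts.
        while ts - recent[0] >= window:
            recent.popleft()
        if len(recent) > threshold:
            if not alarmed:              # alert once, not on every further event
                alerts.append(ts)
            alarmed = True
        else:
            alarmed = False              # re-arm once the rate has dropped again
    return alerts


def per_calendar_minute_max(events):
    """Largest 4625 count in any fixed calendar minute, for comparison."""
    buckets = {}
    for ts, event_id in events:
        if event_id == FAILED_LOGON_ID:
            key = ts.replace(second=0, microsecond=0)
            buckets[key] = buckets.get(key, 0) + 1
    return max(buckets.values(), default=0)


def sample_events():
    """Constructed data: a 50-failure burst across a minute boundary, plus noise."""
    start = datetime(2011, 9, 2, 13, 0, 35)
    events = [(start + timedelta(seconds=i), 4625) for i in range(50)]
    # Successful logons (ID 4624) interleaved; these must be ignored.
    events += [(start + timedelta(seconds=i, milliseconds=500), 4624) for i in range(0, 50, 5)]
    # A slow trickle of failures later on (one every 10 s); this must not alert.
    later = datetime(2011, 9, 2, 14, 0, 0)
    events += [(later + timedelta(seconds=10 * i), 4625) for i in range(30)]
    return sorted(events)
```

On the constructed data the sliding window alerts once, at the 41st failure of the burst, while the busiest calendar minute holds only 25 failures and would stay under the threshold.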
