Hi all,
I have the following problem: I am trying to monitor user logins on Windows servers. After the trigger fires, an action should send out an email.
All of that happens, and I can see which server the user logs in on; the problem is that I cannot get the username from the event log to be sent in the alert email. Does anybody have an idea how to achieve that?
This is my trigger:
{Template_AD_Domain_Controller:eventlog[Security].logeventid(528)}=1 & {Template_AD_Domain_Controller:eventlog[Security].str("User32")}=1 & {Template_AD_Domain_Controller:eventlog[Security].str("Erfolgreiche Anmeldung:")}=1
This is my action mail:
Trigger: {TRIGGER.NAME}
Trigger status: {TRIGGER.STATUS}
Trigger severity: {TRIGGER.SEVERITY}
Trigger URL: {TRIGGER.URL}
Item values:
1. {ITEM.NAME1} ({HOSTNAME1}:{TRIGGER.KEY1}): {ITEM.LASTVALUE}
{ITEM.LASTVALUE} never contains the corresponding event, so it is not the event that fired the trigger.
HELP!
Saint.