Hi All,
I have been monitoring failed login events on Windows servers using the Zabbix agent/event log monitoring. My trigger is configured to alert on more than 15 logins in 5 minutes.
I would like to know if it is possible to improve my trigger so that a certain number of failed logins are required from the same user (currently 15 failed logins from any/all users).
I assume this would require extracting the username from the log and setting it as a variable to compare it to subsequent events?
Any advice on how I might achieve this would be greatly appreciated.
Thanks
Mark
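
The per-user counting asked about above, sketched as an added example (not code from the post and not Zabbix configuration). It assumes the monitored events are Windows Security event 4625 with its usual message layout, and the function names and sample messages are constructed for illustration.

```python
import re
from collections import defaultdict, deque

WINDOW_SECONDS = 5 * 60   # the 5-minute window from the post
THRESHOLD = 15            # the post's count, applied per user ("more than 15")

# In a 4625 message the first "Account Name:" belongs to the Subject block;
# the account that failed is in the "Account For Which Logon Failed" block.
TARGET_USER = re.compile(
    r"Account For Which Logon Failed:.*?Account Name:\s*(\S+)", re.DOTALL)

def failed_user(message):
    """Return the lower-cased target account of a failed-logon message, or None."""
    m = TARGET_USER.search(message)
    return m.group(1).lower() if m else None

def users_over_threshold(events, window=WINDOW_SECONDS, threshold=THRESHOLD):
    """events: iterable of (epoch_seconds, message) in time order.
    Returns {user: first epoch at which the user exceeded threshold in window}."""
    recent = defaultdict(deque)   # user -> timestamps still inside the window
    alerts = {}
    for ts, message in events:
        user = failed_user(message)
        if user is None:
            continue
        q = recent[user]
        q.append(ts)
        while q and q[0] <= ts - window:   # drop failures older than the window
            q.popleft()
        if len(q) > threshold and user not in alerts:
            alerts[user] = ts
    return alerts

def sample_message(user):
    """Constructed, abbreviated 4625-style message text."""
    return ("An account failed to log on.\n\nSubject:\n\tAccount Name:\t\t-\n\n"
            "Account For Which Logon Failed:\n\tAccount Name:\t\t" + user + "\n"
            "\tAccount Domain:\t\tEXAMPLE\n")

def sample_events():
    # Constructed: 16 failures for 'alice' in 150 s, plus 20 failures spread over
    # 20 different users in the same period (which a global count would flag).
    events = [(1000 + 10 * i, sample_message("alice")) for i in range(16)]
    events += [(1005 + 10 * i, sample_message("user%02d" % i)) for i in range(20)]
    return sorted(events)

if __name__ == "__main__":
    for user, ts in users_over_threshold(sample_events()).items():
        print(f"{user}: more than {THRESHOLD} failed logons within 5 minutes at t={ts}")
```

Grouping by the target account before counting is what separates one account being hammered from ordinary background failures across many users.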