Ad Widget

Collapse

Several log on attempts failed - trigger not working

Collapse
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • Sara.Art
    Member
    • Jun 2020
    • 52
    #1

    Several log on attempts failed - trigger not working

    Hi! I have this trigger:
    {HOST:eventlog[Security,,,,4625,,skip].logeventid(4625)}=1
    that monitors failed login on server. It works, but I need to tell the trigger to alert me when there are e.g. 5 attempts in 3 minutes. I tried this {HOST:eventlog[Security,,,,4625,,skip].count(3m,"4625",regexp)}>=5 but it does not work. How can I fix it? What am I doing wrong? I thank You all in advance. Have a nice day, Sara
    Tags: None
    • Hamardaban
      Senior Member
      Zabbix Certified SpecialistZabbix Certified Professional
      • May 2019
      • 2713
      #2
      I think it will be enogh for you to use the following expression: {HOST:eventlog[Security,,,,4625,,skip].count(3m)}>=5 since the item itself has already selected the desired values of logeventid.

        Comment

        • Sara.Art
          Member
          • Jun 2020
          • 52
          #3
          Thanks a lot Hamardaban!!! It works :-) have a nice day, Sara

            Comment

            Previous template Next
            Working...