Ad Widget

**nathanvandalen** · 30-01-2024, 20:28

Think the best way is to use the count() history function

4 History functions (zabbix.com)

Examples:
count(/host/key,10m,"like","error") #the number of values for the last 10 minutes until now that contain 'error'

**BigSmooth** · 30-01-2024, 20:59

If I am not wrong, it will not be counted per login name, will it?
I don't want to raise an alarm if 10 users made a mistake, but if 1 user made 3 login attempts.

**cyber** · 31-01-2024, 11:04

Then you need trigger per user... I cannot think of any function, that would take any possible value and count them in time... Trigger function is dumb in that sense... if you do not tell it, what to look for, ie. what username, then it does not know it...

**BigSmooth** · 31-01-2024, 12:55

I was looking for something like (if you are familiar with sql):

Code:

select username, count(*) from failed_login group by username;

2024-01-30 15:07:50	user1
2024-01-30 15:03:50	user2
2024-01-30 15:02:50	user1
2024-01-30 14:58:50	user1
2024-01-30 14:34:50	user1
2024-01-30 14:28:50	user1

Ad Widget

Which function for "Too Many Login Attempts"

Which function for "Too Many Login Attempts"

Comment

Comment

Comment

Comment