Hi everyone,
my goal is to have a trigger that fires when more than 3 failed logon events have occurred within 30 minutes and the problem shouldn't disappear by itself.
I've already spent a lot of time on this issue and can't get any further.
I also came across a post here in the forum where the solution unfortunately didn't work for me.
My item is included:
eventlog[Security,,,,4625,,skip]
Together with this item, I tried the following triggers, which did not work:
last(/APP-Domain Controller by Zabbix Agent 2 active/eventlog.count[Security,,,,4625,,skip])>=3
count(/APP-Domain Controller by Zabbix Agent 2 active/eventlog[Security,,,,4625,,skip],30m, "eq",4625)>=3
I have also experimented with the item key eventlog.count, but unfortunately a trigger there cancels itself if the value is below 3 in the following 30 minutes.
I would be very grateful for your help
my goal is to have a trigger that fires when more than 3 failed logon events have occurred within 30 minutes and the problem shouldn't disappear by itself.
I've already spent a lot of time on this issue and can't get any further.
I also came across a post here in the forum where the solution unfortunately didn't work for me.
My item is included:
eventlog[Security,,,,4625,,skip]
Together with this item, I tried the following triggers, which did not work:
last(/APP-Domain Controller by Zabbix Agent 2 active/eventlog.count[Security,,,,4625,,skip])>=3
count(/APP-Domain Controller by Zabbix Agent 2 active/eventlog[Security,,,,4625,,skip],30m, "eq",4625)>=3
I have also experimented with the item key eventlog.count, but unfortunately a trigger there cancels itself if the value is below 3 in the following 30 minutes.
I would be very grateful for your help