Monitoring RDP logins and ZeroLogon on Windows servers

  • georgeMyName
    Junior Member
    • Oct 2020
    • 13

    #1


    Hi, is there any way to collect RDP data using the Windows agent? I found a solution here using a PowerShell script, see https://www.zabbix.com/forum/zabbix-...ssion-username . Do you have a tip for another solution? I would also like to get information about attempts to establish communication over unsecured Netlogon. Those should probably be events 5827 - 5831. And thanks for the forum.
  • gofree
    Senior Member
    Zabbix Certified Specialist, Zabbix Certified Professional
    • Dec 2017
    • 400

    #2
    Hi,

    For event logs on Windows the item key is eventlog[name,<regexp>,<severity>,<source>,<eventid>,<maxlines>,<mode>]

    For RDP, what data? Usually it always ends up with a PowerShell script and UserParameters, with all the pluses and minuses that Zabbix has when collecting logs (it is not primarily a log collector).
    Last edited by gofree; 26-10-2020, 10:51.


    • hermanekt
      Member
      Zabbix Certified Trainer
      Zabbix Certified Specialist, Zabbix Certified Professional
      • Aug 2019
      • 59

      #3
      Hi,

      take a look here, maybe it will help you. It can do a lot of things.
      The Zabbix Team has collected all official Zabbix monitoring templates and integrations.


      Tom


      • MichalWe
        Junior Member
        • Oct 2020
        • 1

        #4
        Hi,

        If you don't want to use external scripts, it is enough, as gofree writes above, to use eventlog: eventlog[Security,"Logon Type:\s*10",,,^(4624|4625)$,,skip] and via preprocessing with a regex you can get the account name out of it: (?!.*\$)Account Name:\s*(\w+). I also tried to get the workstation and IP out of it with a regex, and even though the test passed correctly, it threw errors during processing.

        MW

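A worked illustration of the eventlog filter and the preprocessing regex discussed in this thread, as an added example (not code from the thread or from Zabbix): it applies the same patterns to a constructed 4624 message and shows why the negative lookahead skips the computer account in the Subject block and captures the New Logon user. The workstation and source-address patterns, and the event message itself, are my own assumptions.

```python
import re

# Constructed sample of a Security event 4624 message, in the shape the
# Zabbix eventlog[] item hands to preprocessing (all values are made up).
SAMPLE_4624 = """An account was successfully logged on.

Subject:
\tSecurity ID:\t\tS-1-5-18
\tAccount Name:\t\tSERVER01$
\tAccount Domain:\t\tCORP

Logon Information:
\tLogon Type:\t\t10

New Logon:
\tSecurity ID:\t\tS-1-5-21-1111-2222-3333-1105
\tAccount Name:\t\tjdoe
\tAccount Domain:\t\tCORP

Network Information:
\tWorkstation Name:\tWS-ADMIN
\tSource Network Address:\t10.0.0.25
"""

# Item-level filters from the thread: event IDs 4624/4625 and Logon Type 10 (RDP).
EVENT_ID_RE = re.compile(r"^(4624|4625)$")
RDP_TYPE_RE = re.compile(r"Logon Type:\s*10")

# Preprocessing regexes. The first is the one posted above: the lookahead rejects
# any "Account Name:" line containing '$' (the computer account in Subject),
# so the first match is the New Logon user. The other two are assumed extensions.
ACCOUNT_RE = re.compile(r"(?!.*\$)Account Name:\s*(\w+)")
WORKSTATION_RE = re.compile(r"Workstation Name:\s*(\S+)")
SOURCE_IP_RE = re.compile(r"Source Network Address:\s*(\S+)")

def extract_rdp_logon(event_id, message):
    """Return (account, workstation, source_ip) for an RDP logon event, else None."""
    if not EVENT_ID_RE.match(str(event_id)) or not RDP_TYPE_RE.search(message):
        return None
    account = ACCOUNT_RE.search(message)
    workstation = WORKSTATION_RE.search(message)
    source_ip = SOURCE_IP_RE.search(message)
    return (
        account.group(1) if account else "",
        workstation.group(1) if workstation else "",
        source_ip.group(1) if source_ip else "",
    )

if __name__ == "__main__":
    print(extract_rdp_logon(4624, SAMPLE_4624))
```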

        • Jasonil
          Junior Member
          • Oct 2020
          • 1

          #5

          Hello everyone,

          Quick question: I created a scheduled task that listens for the event id 4624 and does the following actions:

          1st - Runs a script to get the last event id 4624 available and puts it in %TEMP%/info.txt

          2nd - Sends an e-mail to me with the attachment "info.txt" with the last login attempt

          It works as expected, except that the scheduled task STARTS the actions one after another; it doesn't wait for the first action to end before the next action starts, so the attachment that I get in the email is from the previous successful login and not the last one, because the script probably hasn't finished when the email gets sent.
          Any idea how I can force the second action to wait for the first action to have finished? Or do I have to make another scheduled task and connect the two?
          Last edited by Jasonil; 31-10-2020, 06:50.
