Jump to content

Event Log Filter / Random


wpatterson

Recommended Posts

Hello,

I've setup the event log filter on a few hosts on my network to log bad logon events.

It works sometimes which is weird .. it seems to be completely random when I do and don't receive the alerts and notifications.

Sometimes they go through just fine, other times I can try to enter a bad password 10 times (to test) and receive nothing.

Under event log filter here is what I have:

Event Logs: Security

Level: Audit Failure

Event IDs: 4625, 529, 530, 531, 532, 533, 534, 535, 536, 537

Notification Priority: Elevated

Any ideas?

thanks!

Link to comment
Share on other sites

  • Administrators

The notification will be fired if there is no other notification from the same event filter. This is to prevent getting too many notifications from the same event filter.

Please make sure you delete the previous notification and test again.

Link to comment
Share on other sites

  • 4 months later...

Is there any way to control this at all ?  

I'm looking at setting up a filtered event notification to see if nightly backups have completed OK / not (i.e. I want a success notification as well as just a failure notification)

I can see that not being swamped by events is a good idea - but as I understand it that means if I haven't cleared last nights successful backup event I won't get tonights.  Ideally I'd like to be able to set the interval (e.g. don't send the same event within an hour or 12 hours if not cleared etc)

I can see you might want to limit how short an interval this can be set to - maybe an hour minimum ?

Is this possible at all ?

Thanks

Link to comment
Share on other sites

  • 7 months later...
  • Administrators

We're adding repeating notifications support for event log filters in the next release (3.4.1) - it will be available for subscribers and enterprise users.

As well, we're adding support for Applications and Services event log sources in the event log filter.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...