All questions related to installations, configurations and maintenance of Advanced Host Monitor (including additional tools such as RMA for Windows, RMA Manager, Web Servie, RCC).
I have a test that checks Windows event logs for OWA login failures (event ID 4625).
In that test, I extract some useful details with a tune-up like this:
if ("%SuggestedStatus%"=="Bad") [substr("%SuggestedReply%",indexof("%SuggestedReply%","Account For Which"),1000) getlinewith "Account Name"] | ["%SuggestedReply%" getlinewith "Failure Reason"] | ["%SuggestedReply%" getlinewith "Source Network Address"]
What I would like to do is create an alert to notify the specific user an attempt was made to login with their credentials.
Do you think that is feasible?
So you need to translate message from event log to some e-mail address? message with usernameA -> e-mailA; message with usernameB -> e-mailB?
You can use IF statements and put just e-mail into Reply field, then use %Reply% variable for the action (recipient field) but I don't think this is good solution, especially if you have many users and/or you want to modify event log message...
Better use different test items for different users. Not a perfect solution either when you have many users.
What I will do instead, is whip up a powershell script to scrape the eventlog for 4625 events and if found, send the email message to the user + set test status to warning.
That'll do as well
