KS-Soft. Network Management Solutions

Use variable from Event Log test to use in alert

Kris



Joined: 12 May 2010
Posts: 375

Posted: Mon Sep 11, 2023 2:55 am    Post subject: Use variable from Event Log test to use in alert

Hi all,

I have a test that checks Windows event logs for OWA login failures (event ID 4625).
In that test, I extract some useful details with a tune-up like this:

Code:
if ("%SuggestedStatus%"=="Bad")  [substr("%SuggestedReply%",indexof("%SuggestedReply%","Account For Which"),1000) getlinewith "Account Name"]  |  ["%SuggestedReply%" getlinewith "Failure Reason"]  |  ["%SuggestedReply%" getlinewith "Source Network Address"]


What I would like to do is create an alert to notify the specific user that an attempt was made to log in with their credentials.
Do you think that is feasible?

Thanks!

Best regards,
Kris
KS-Soft



Joined: 03 Apr 2002
Posts: 12795
Location: USA

Posted: Mon Sep 11, 2023 4:39 am

So you need to translate a message from the event log to some e-mail address? Message with usernameA -> e-mailA; message with usernameB -> e-mailB?
You can use IF statements and put just the e-mail into the Reply field, then use the %Reply% variable for the action (recipient field), but I don't think this is a good solution, especially if you have many users and/or you want to modify the event log message...

Better to use different test items for different users. Not a perfect solution either when you have many users.

Regards
Alex
Kris



Joined: 12 May 2010
Posts: 375

Posted: Mon Sep 11, 2023 7:30 am

Thanks for your response, Alex.

What I will do instead is whip up a PowerShell script to scrape the event log for 4625 events and, if found, send the email message to the user + set test status to warning.
That'll do as well.

Thanks for inspiring
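The script approach described in the post above, as an added example (not code from the thread or from KS-Soft): it reads the named fields of event 4625, keeps only wrong-password failures for well-formed account names, and builds one notice per account so a burst of failures does not become a burst of mail. The mail domain, SMTP server, sender and the account-to-mailbox mapping are assumptions, and setting the test status in the monitor is left out.

```powershell
# Added example, not from the thread. Assumptions: the mail domain, SMTP server and
# sender are placeholders, and a user's mailbox is "<account name>@<mail domain>".
$MailDomain = 'example.com'; $SmtpServer = 'smtp.example.com'
$UseLiveLog = $false   # $true: read the Security log and send mail
function ConvertFrom-FailedLogon {
    param([Parameter(Mandatory)][xml]$EventXml)
    $d = @{}           # EventData is a list of named <Data> elements
    foreach ($n in $EventXml.Event.EventData.Data) { $d[$n.Name] = $n.'#text' }
    [pscustomobject]@{ Account = $d['TargetUserName']; SourceIp = $d['IpAddress']
                       SubStatus = $d['SubStatus'] }
}
# 0xC000006A = existing account, wrong password. The name is whatever was typed at
# the logon form, so only a strict pattern is accepted before building an address.
function Get-FailedLogonNotice {
    param([object[]]$Logons)
    $Logons |
        Where-Object { $_.SubStatus -eq '0xC000006A' -and
                       $_.Account -match '^[A-Za-z0-9._-]{1,64}$' } |
        Group-Object Account |
        ForEach-Object {
            $ips = ($_.Group.SourceIp | Sort-Object -Unique) -join ', '
            [pscustomobject]@{
                To      = '{0}@{1}' -f $_.Name.ToLower(), $MailDomain
                Subject = 'Failed sign-in attempts on your account'
                Body    = "$($_.Count) failed sign-in attempt(s) from: $ips"
            }
        }
}
# Constructed sample event (not real data), trimmed to the fields used here.
$sample = @'
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><EventID>4625</EventID></System>
  <EventData>
    <Data Name="TargetUserName">jdoe</Data>
    <Data Name="SubStatus">0xc000006a</Data>
    <Data Name="IpAddress">203.0.113.10</Data>
  </EventData>
</Event>
'@
$filter = @{ LogName = 'Security'; Id = 4625; StartTime = (Get-Date).AddMinutes(-10) }
$xml = @(if ($UseLiveLog) {
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue | ForEach-Object { $_.ToXml() }
} else { $sample })
$logons = @($xml | ForEach-Object { ConvertFrom-FailedLogon $_ })
foreach ($n in Get-FailedLogonNotice -Logons $logons) {
    if ($UseLiveLog) {
        Send-MailMessage -From 'monitor@example.com' -To $n.To -Subject $n.Subject -Body $n.Body -SmtpServer $SmtpServer
    } else { $n }
}
```

With `$UseLiveLog` left at `$false` the script only prints the notice built from the sample event; reading the Security log requires an account with rights to it.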
KS-Soft



Joined: 03 Apr 2002
Posts: 12795
Location: USA

Posted: Mon Sep 11, 2023 8:54 am

You are welcome

Regards
Alex
All times are GMT - 6 Hours