Hi,
I am trying to monitor Windows lockout events using check_mk logwatch.
I have instructed the Windows domain controller to send all security logs to the check_mk server, and on my check_mk server I have defined the following:
'Security': [
    ( ["DC"], ALL_HOSTS, 'C', 'Locked Out' ),
    ( 'W', '' ),
],
The issue is that if 2 or more lockouts happen at the same time, it will increase the critical counter to 2+, however it will notify only once.
I understand that the previous alert needs to be acknowledged so that check_mk can notify on the second event, but in the mentioned case all the lockouts happened concurrently.
How can I have a separate alert for each lockout?
Is there any way to auto-acknowledge the previous event?
As you can see below, there were 5 critical events at the same time, but I was notified only once.
Hi, can someone help please?
On Mon, Jun 24, 2013 at 9:43 PM, PARAG SRIVASTAVA parag7732@gmail.com wrote:
Hi,
I am trying to monitor Windows lockout events using check_mk logwatch.
I have instructed the Windows domain controller to send all security logs to the check_mk server, and on my check_mk server I have defined the following:
'Security': [
    ( ["DC"], ALL_HOSTS, 'C', 'Locked Out' ),
    ( 'W', '' ),
],
The issue is that if 2 or more lockouts happen at the same time, it will increase the critical counter to 2+, however it will notify only once.
I understand that the previous alert needs to be acknowledged so that check_mk can notify on the second event, but in the mentioned case all the lockouts happened concurrently.
How can I have a separate alert for each lockout?
Is there any way to auto-acknowledge the previous event?
As you can see below, there were 5 critical events at the same time, but I was notified only once.
Problem is you have only one service “LOG Security”. If this service changes state you’re notified - once.
No chance to do that otherwise.
Regards,
Marcel
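
The behaviour discussed in this thread, as an added example that is not part of the original messages and is not Check_MK's own code: a simplified model in which the patterns from the question classify each line (first match wins), the single "LOG Security" service takes the worst level among its unacknowledged lines, and a notification is sent only when that state changes. The log lines, account names and function names are constructed for illustration.

```python
import re

# Patterns from the question, in order; the first matching pattern sets the level.
PATTERNS = [("C", r"Locked Out"), ("W", r"")]
SEVERITY = {"O": 0, "W": 1, "C": 2}
STATE_NAME = {0: "OK", 1: "WARN", 2: "CRIT"}

# Constructed sample lines: five lockouts arriving together.
BURST = [f"A user account was Locked Out: user{i}" for i in range(1, 6)]


def classify(line):
    """Return the level of the first pattern that matches the line."""
    for level, pattern in PATTERNS:
        if re.search(pattern, line):
            return level
    return "O"


def service_state(stored_lines):
    """One service per logfile: its state is the worst level stored."""
    return max((SEVERITY[classify(l)] for l in stored_lines), default=0)


def run_checks(batches):
    """Each batch holds the new lines seen in one check interval.

    Nothing is acknowledged between intervals (assumption), so lines
    accumulate. Returns one (state, critical_count) tuple per notification.
    """
    stored, previous, notifications = [], 0, []
    for batch in batches:
        stored.extend(batch)
        state = service_state(stored)
        if state != previous:  # notify on state change only
            crit = sum(classify(l) == "C" for l in stored)
            notifications.append((STATE_NAME[state], crit))
        previous = state
    return notifications


if __name__ == "__main__":
    print(run_checks([BURST]))                # one notification, counter at 5
    print(run_checks([[l] for l in BURST]))   # still one: state stays CRIT
```

Because the notification carries only the state change, the critical counter and the stored log lines are where the individual locked-out accounts have to be read from.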
2013/6/27 PARAG SRIVASTAVA parag7732@gmail.com
Hi, can someone help please?