SCOM monitor - detection logon failure attempts in one hour

Hi

Anyone know how to create the detection monitor on scom.

we want to detect if account logon failure attempts count 15 times in one hour on any computers, then it will send a notification email.

this monitor will apply to windows 2003 and windows 2008.

THanks
Alex
FphcareAdminsAsked:
Who is Participating?
 
maqsoodjeeConnect With a Mentor Commented:
Try configure your repeated event monitor like

Target: suitable target
Log name: Application
Event Expression: Event ID equals X
Repeat Settings:
-Counter Mode: Trigger on count
-Compare Count: 15
-Based on a fixed simple recurring schedule
--Period: 60 Minutes
Alerting: Generate alerts for this monitor
0
 
maqsoodjeeCommented:
Go Authoring Pane and create a new monitor. Create a Repeated Event Detection monitor to detect failure logon events. Target your domain controllers.
You should also take a look at the ACS feature of Ops Mgr,
0
 
FphcareAdminsAuthor Commented:
Thanks for the reply, but your monitor will only monitor login on AD. We want to monitor all login on all device such as stand server (it is in same doamin). I can see the logs on security events.

for the test, I have change the target to all windows 2008 computers and change count to 2 with 1minute.

run the test, i can see the failed logon happens on 4 times in 1 minute but no alerts happen.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.