zabbix
How to create an alert for 3 consecutive Windows failed logon events?
I´m new in zabbix.
Currently I have this Trigger that monitors Windows Security event 4625(Failed Logon), that it fires an Info envent in Monitoring > Problems.
{DESKTOP-5UOSKC5:eventlog[Security,,,,4625,,skip].logeventid(4625)}=1
My problem is that it genereate an Alert for every Failed Logon.
How I can achieve only one alert for every 3 events in the same machine?
%7D=1)
Solution
You can count the number of events in a time span. To get an alarm for 3 or more events in a rolling 30 minutes window:
{HOST:eventlog[Security,,,,4625,,skip].count(30m,"4625",regexp)}>=3
- Zabbix5.0 How do I Change disk Monitoring thresholds
- Zabbix web server to Zabbix server connection not working
- Unable to determine current Zabbix database version: the table "dbversion" was not found
- Zabbix Web Monitoring without interfaces
- Zabbix slow disk request responses
- How to fix ImportError: No module named 'telebot'
- How to use a JSON String inside a docker-compose.yml file
- Log exceptions from .NET application to zabbix
- Can we install zabbix server and agents in 2 different networks?
- Zabbix SAML Config using ActiveDirectory WIN 2016-ADFS
- Dockerized Zabbix: Server Can't Connect to the Agents by IP
- Values not matching in same Grafana dashboard
- Problem fetching history of CPU with Zabbix API
- kubernetes set env variable value with index
- MySQL template with Zabbix Agent cannot fetch data
- zabbix error The frontend does not match Zabbix database
- Ansible: working with loops within a task not on a task
- ansible zabbix module - loop though templates
- Zabbix does not let me import a template of size 32MB and tells me I do not have permissions to access this page while I have access of super admin
- Cant add zabbix host ansible
- Zabbix: Difference between "memory usage" and "memory utilization"
- Why is the Zabbix Agent attempting to connect to PostgreSQL using the 'zabbix' user on certain 'zabbix' DB?
- When the same monitoring item is used in the Zabbix trigger, the values of item.value1 and item.value2 in the custom alarm message are always the same
- Zabbix - The buffer pool utilization is too low
- Use JSON value from Zabbix item in two separate instances
- docker container zabbix server - no active checks on server host not found
- Track the date in Zabbix
- How do I get IP address with Zabbix?
- Accessing zabbix API with node-fetch
- How to execute bash script by zabbix agent using sudo?