OK, so I have been working with APM for a few weeks, and in the last few days I have been trying to replicate this function in APM (I had it in SCOM and it worked great).
I know that in Windows 2K8 R2, the EventID to look for is 4740, and I know that there is a shared template for checking for Event IDs that can find this EventID, but the problem comes when I try to use logic to search through the EventDescription field to find a specific username, and then send out an alert via email if the account gets locked.
This works excellently for service accounts that are critical to the functions of applications. If the account is locked, a number of things begin to fail.
Here is the logic that I used in SCOM, but I don't know how to store the data in the Component, so that the alert can grab it via variables to send out the alert for the specific criteria.
And Group: ALL of these are true
    EventID is equal to 4740
    Or Group: ANY of these are true
        EventDescription is equal to username1
        EventDescription is equal to username2
        EventDescription is equal to username3
I know that I won't be able to do this all inside of the Application component or the Alert by itself, but I'm hoping that there is a way to use them together to make it work.
Thanks in advance for any help you can offer.
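
The AND/OR logic above, sketched as a script check. This is an added example, not part of the original post and not APM's or SCOM's own code. It assumes the monitoring tool can run a PowerShell script against the machine that logs the lockout and can alert on a non-zero exit code; the five-minute window, the output text and the exit-code convention are assumptions, and username1 to username3 are the placeholders from the post.

```powershell
# Added example: accounts to watch (placeholder names from the post).
$watched = @('username1', 'username2', 'username3')

# Assumed polling window; match it to how often the check runs.
$since = (Get-Date).AddMinutes(-5)

# AND group: Security log, EventID 4740, inside the polling window.
# SilentlyContinue suppresses the "no events found" error, but it also
# hides access-denied errors, so run this with rights to read the Security log.
$filter = @{ LogName = 'Security'; Id = 4740; StartTime = $since }
$events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue)

$hits = @(foreach ($e in $events) {
    # Read the named fields from the event XML rather than searching the
    # rendered description, so a username that is a substring of another
    # account or of a host name cannot match by accident.
    $xml  = [xml]$e.ToXml()
    $data = @{}
    foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }

    # OR group: the locked account is any one of the watched names.
    # -contains on a string array is an exact, case-insensitive match.
    if ($watched -contains $data['TargetUserName']) {
        # In event 4740 the TargetDomainName field holds the caller computer name.
        '{0} locked at {1} (caller computer: {2})' -f `
            $data['TargetUserName'], $e.TimeCreated, $data['TargetDomainName']
    }
})

if ($hits.Count -gt 0) {
    # One line per lockout; the alert text can carry this message.
    Write-Output ('Locked out: ' + ($hits -join '; '))
    exit 1
}

Write-Output 'No watched accounts locked out'
exit 0
```

The syntax used here also runs on the PowerShell 2.0 that ships with Windows Server 2008 R2.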