Hello Community,
I need some help with a regular expression to match ALL key words and phrases with a Syslog Message Pattern. This is for Windows Event Logs which are being redirected to syslog.
4625
Microsoft-Windows-Security-Auditing
Failure Reason
Account locked out
Need the Syslog Message Pattern to Trigger when all four are present.
this is trigger an email to help desk and information security for when users have expired accounts, locked out, bad password and help trouble shoot "which" device or service the request was initiated by.
Thank you
