• State Not Answered
  • Locked Locked
  • Replies 3 replies
  • Subscribers 32 subscribers
  • Views 557 views
  • Users 0 members are here
Options
Related
This discussion has been locked. The information referenced herein may be inaccurate due to age, software updates, or external references.
You can no longer post new replies to this discussion. If you have a similar question you can start a new discussion in this forum.

Checking for a logged in user with APM?

kb1lxm

Forgive me if I am posting this in the wrong forum first of all.

We have a really wonderful production app that we are monitoring that acts as a bridge between our AS400 and some proprietary devices.  This app is so awesome that it doesn't even run as a service, we have to log in with a service account (Windows server), open up the application, then disconnect from the RDP session and let it run in the background.  Seems today someone hit the log off button instead of the disconnect button and while we were alerted that the process was down, it would be nice to get a notification that the service account had been logged off.  Is there a way with APM (I have APM 3.5 sadly and been begging for an upgrade) to check for this?

I know I should be able to look for the logoff event in the security log but is there any other way to check for the presence of a user is RDPd in and if not trip an alert?

Thanks!

  • 0

    One method you already mentioned would be to use the Event Log Forwarder for Windows to forward these events to Orion and trigger an alert notifying you when this account is logged out. This could also be done with the Windows Event Log Monitor component in SAM/APM.

    Another option would be to use the Remote Desktop Services Application template alert when the number of inactive sessions is equal to zero.

  • 0 in reply to aLTeReGo

    If the application registers as a running process, you can also monitor for that being present or not.  It's possible the user could be logged in but the process could be stopped - you'd be down and not know it.  The Windows Process Monitor could watch for this. 

  • 0 in reply to JedTheHead

    Actually we have been doing that, I have a Process Monitor checking to see if the application is running and I am using the Event Log Monitor to look for any app crashes or errors.

    It would be nice to be able to tell if the service account is no longer connected as a way to explain the "Why it's down" and not "What is down".

SolarWinds solutions are rooted in our deep connection to our user base in the THWACK® online community. More than 195,000 members are here to solve problems, share technology and best practices, and directly contribute to our product development process.

SolarWinds Customer Success Center Certification Media Vault Link Accounts
About THWACK Blogs For Government Edit Settings Free Tools & Trials
Legal Documents Terms of Use Privacy California Privacy Rights Security Information
©2024 SolarWinds Worldwide, LLC. All Rights Reserved.