I set up the User Account lockout template to monitor the event log and to send out an alert when an account gets locked out. Below is the component monitor setup. I am spinning my wheels here trying to figure out why it is not working.
This should be easy but for some reason I can't get this. Maybe our logs are flipping too fast? Thanks!
I'd start by leaving the log source and event inclusion empty, as well as setting the event type to any. Then assign this app template to the server that is hosting Active Directory.
I did what you suggested and still a no go. We finally saw the event ID 4740 on a DC and it still did not pick it up in SolarWinds. I am thinking I may create this monitor from scratch and see if it works.
Hmm, perhaps you can turn on debugging and then look at the log and see if that sheds any light on why it's not working as expected.
Of course it is just easier to purchase the log analyzer and have it work. If we were not running LogRhythm all over the place I could probably bring up log analyzer BUT...