My team is being asked to identify users that are concurrently logged into numerous servers. We maintain server farms.
Any quick rule for doing this? Any ideas?
We don't want to list all the servers in the rule. Maybe a count on something?
You could use Rules occurence settings in new UI (advanced correlation in older Flex UI) to specify that userName/sourceAccount have to be same in the alerts AND source IP of the event should differ. Set "Set time when a rule won't trigger actions after rule was true" (Re-Infer TOT - in Flex) as well to not fire rule multiple times during few seconds.
SolarWinds solutions are rooted in our deep connection to our user base in the THWACK® online community. More than 150,000 members are here to solve problems, share technology and best practices, and directly contribute to our product development process. Learn more today by joining now.