Needing a hand. This is my first time diving into LEM/SEM and I created my first rule, but it doesn't seem to be working. I'm trying to send email alerts each time a user gets disabled to our help desk, but it doesn't look like it's executing. Not sure if it's my rule or maybe my email template/SMTP is incorrect in some way (I'm able to send test emails from the SMTP portion in admin console). Images below have more info:
Here are the event rules:
I based it off of these events (edited out certain info)
Account lockout "domain\username"
User Account was locked out after repeated logon failures due to a bad password.
Ah, that would make sense, made the change. Is there a way like in Orion to simulate the alert/rule? If not, I'll just intentionally lock out one of my accounts to try haha. (If that fixes it, I'll make sure to give your post correct answer for points.)
Normally I would say just use the criteria in a search and that should work, but after trying to do the same it seems like both filters *should* work. Still I would go with the templated one as that should be more thoroughly tested overall.
I would build a filter to see if it captures any events.
Then I would look at the Internal Events filter and see if you see any email send failed alerts.
Just a couple of thoughts.