We are updating from LEM 6.6 to SEM 2020.2.1. Before doing so, I would like to create a rule to filter on Windows Server Event Viewer ID '5829' This is the event created for non-secure RPC connections. I only want this to apply to domain controllers. I am new to LEM. can anyone help me out with this rule?
I notice you only want to to check DC and I would recommend creating a connection profile under nodes to gather all the DC in one group This you can follow what the process of the that was listed above but also filter by connection profile so into checks DCs. This should cut down on the noise of other agents on your sem.
Check first if you have any events for this before creating a rule.
Once you find the event you can create easily
Here is a script to check
read this too
SolarWinds solutions are rooted in our deep connection to our user base in the THWACK® online community. More than 150,000 members are here to solve problems, share technology and best practices, and directly contribute to our product development process.