3 Replies Latest reply on Feb 11, 2016 10:02 AM by zackm

    Display Event Log Errors in IFrame

    stephen.black

      Have a question and would welcome some ideas.

       

      We are using an event log monitor on our domain controllers to catch locked out accounts. Filtering so we only catch alerts for accounts with "svc" in the name as this indicates a service account. I need to have these alerts display in a dedicated IFrame that I can place on a dashboard our Technical Support team uses. So far I have not had much luck. I can get the components on a display but would rather have the actual event log entries so the team can see them after the actual alert has cleared. They can then work down the list and address the alarms based on which ones came in first. Anyone have an idea of how I can make this so? Would welcome any suggestions. Thanks in advance.

        • Re: Display Event Log Errors in IFrame
          zackm

          Not sure how to do this with an alerting overview, but I know you can setup an embedded report on a dedicated summary page and then just iFrame that.

           

          Let me know if that would work and I can find my query for it.

            • Re: Display Event Log Errors in IFrame
              stephen.black

              I think that would work.

                • Re: Display Event Log Errors in IFrame
                  zackm

                  try this as a custom table resource:

                   

                  select
                  dateadd(mi, datediff(mi, getutcdate(), getdate()), timegeneratedutc) as 'Time Stamp'
                  ,computername as 'Domain Controller'
                  ,LEFT(TBL.source, 100) + '...' source
                  ,LEFT(TBL.dest, CHARINDEX('Additional', TBL.dest)-1) as 'User Name'
                  ,REVERSE(LEFT(REVERSE(TBL.dest), CHARINDEX(':', REVERSE(TBL.dest)) - 1)) as 'Computer Name'
                  FROM (
                      SELECT message source, 
                                    timegeneratedutc, 
                                    computername, 
                                    REVERSE(LEFT(REVERSE(message), CHARINDEX(CHAR(9) + REVERSE('Account Name:'), REVERSE(message)))) dest 
                                  FROM apm_windowsevent_detail
                                  WHERE componentid in (select id from apm_component where name = 'User Account: Account was locked out')
                    AND message like '%svc%'
                  ) as TBL
                  ORDER BY 'Time Stamp' DESC
                  ;
                  

                   

                  Update line 13 to match whatever the component name is for your event log monitor.

                   

                  -ZackM

                  Loop1 Systems: SolarWinds Training and Professional Services