Failed Logon Alert Configuration Assistance

[cdienger]

Real time alerts are not suited for this either - they can look at events one at a time as they come in but they don't have a counter to track previous events.

[rferebee]

Okay, that's fair.

Can you give me an rough estimate on what your feature request pipeline looks like and where this request might get implemented in the future?

[cdienger]

I don't have much detail that I can provide other than the usual links to the change log which will be updated if the feature is included:

https://www.nagios.com/downloads/nagios ... hange-log/

and roadmaps link:

http://www.nagios.com/roadmaps/

[rferebee]

When will additional reports be made available in Log Server? Unique hosts is great, but I would really love the ability to export some other data automatically from my environment to a CSV on a daily basis.

[cdienger]

What kind of information would you like to see in reports? I can make sure there's an official request for it.

[rferebee]

I would like to create reports for the following:

Specific domain account usage (i.e. when an account with a specific SID is used to logon to a resource anytime within a 24 hour period)

Any account that has more than 10 failed logons in a 24 hour period

To be totally honest, and this might sound crazy, I would like to be able to create reports for any variable in the eventlogs or syslogs captured by Log Server and then be able to set whatever time period I want them to be generated and sent out.

[cdienger]

Thanks for the input. I've filed a feature request to for the additional reports and enhancements.

[rferebee]

Thank you, you can lock this since I'll have to wait until a future update to get what I need.