Add a field to alert

[Titkun]

Hi,
I have created a query and an alert for Windows Event ID 4740 (AD account lockout).
The alert runs every 30 minutes and sends an email if there is at least one lockout (in the past 30 minutes).
However, I would like to insert the value of <TargetUserName> to the email so that we know the name of the lockout account.

Currently I don't know how to do that, so every time I receive an alert email, I have to log in to Nagios Log Server, open the query to see the name of the lockout account. It's very inconvenient.

Could you please show me how can I extract that information to the alert email ?
Thank you very much for your help.

[ssax]

You should be able to setup an Email Template in Alerting that uses %lastalertlog% or %last10alertlog% and use that on the alert but there's not currently a way to add custom ones. I can submit a feature request on your behalf if you'd like?

[Titkun]

Yes ssax,
Thank you very much, please submit that feature request for me.
I just need to insert one (or some) fields in the query, not all the information as %lastalertlog%.

It's nice if I can insert such as %lastalertlog%:%TargetUserName%

[ssax]

I've requested the feature be added:

Code: Select all

FR: LS - Add the ability to add custom fields (from the log) to the Alerts email templates.

Please keep in mind that the decision to implement the enhancement is at the discretion of our development team.

Thank you