Alerting Best Practice documents

Posted: Tue Mar 08, 2016 2:55 pm
by ssouthern
Are there any documents on best practices for alerting? By that I mean a single document that lists what would normally indicate things like accounts locked out, multiple bad password attempts, service failures, changes to Windows security policies, etc. and a threshold for sending the alerts. We, like I'd expect most organizations, have a mix of Windows & Linux systems.

Re: Alerting Best Practice documents

Posted: Tue Mar 08, 2016 3:25 pm
by tmcdonald
Nothing that we would have published, mostly because what is best practice for one organization could be completely useless information for another. We can give you the tools to monitor the logs, but we can't tell you what's important in your organization. That's something that only you and your team can decide.