Just moved from Observium to LibreNMS and am very happy with the change.
I have a question about alerting on Active Directory Account lockouts via syslog messages on a DC.
I have an alert that is working to find account lockouts; however, within the Alert I want to pick up the user that has been locked out and pass that to the Alert Template.
Using “%value.msg” will pass the entire syslog message, which does have the data inside it that I want to single out. I'm just not sure how to pass the data as a variable to the template.
So essentially I want the Alert template to say:
“Account Name [variable from syslog message] was locked out”
The syslog message is in the format:
“Account That Was Locked Out:
Security ID: domain\username
Account Name: username”
Any ideas, or can someone point me in the right direction? Is it even possible?
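
The extraction step described in the post, as an added example that is not part of the original post and is not LibreNMS code or template syntax: a stand-alone Python parser that pulls the locked-out account from the message text. The function names are hypothetical, and the "Subject" block and "Additional Information" trailer in the sample messages are assumptions about the rest of the message, which the post does not show.

```python
import re

# Field layout of the "Account That Was Locked Out" block is taken from the post.
# Anchoring on that header skips any earlier "Account Name:" field (assumed
# "Subject" block) so the wrong account is never reported.
_LOCKED = re.compile(
    r"Account That Was Locked Out:\s*"
    r"Security ID:\s*(?P<sid>[^\r\n]+?)\s*"
    r"Account Name:\s*(?P<name>[^\r\n]+?)"
    r"(?=\s*(?:[\r\n]|Additional Information:|$))",
    re.IGNORECASE,
)


def locked_out_account(msg):
    """Return (security_id, account_name), or None if the block is absent."""
    m = _LOCKED.search(msg)
    if m is None:
        return None
    return m.group("sid").strip(), m.group("name").strip()


def alert_text(msg):
    """Build the alert line the post asks for; fall back to the raw message."""
    found = locked_out_account(msg)
    if found is None:
        return "Account lockout (user not parsed): " + msg
    return "Account Name {} was locked out".format(found[1])


# Constructed samples: one with line breaks kept, one flattened to a single
# line the way some syslog forwarders deliver multi-line event text.
MULTILINE = (
    "A user account was locked out.\n"
    "Subject:\n"
    "\tSecurity ID: SYSTEM\n"
    "\tAccount Name: DC01$\n"
    "Account That Was Locked Out:\n"
    "\tSecurity ID: EXAMPLE\\jdoe\n"
    "\tAccount Name: jdoe\n"
    "Additional Information:\n"
    "\tCaller Computer Name: WS-042\n"
)
FLATTENED = " ".join(MULTILINE.split())

if __name__ == "__main__":
    print(alert_text(MULTILINE))
    print(alert_text(FLATTENED))
```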