I have an alert created to monitor the security logs for event 4740
I have trried including this in the Subject but I can't figure out how to get the event. Acutally all I relly want is the time, and the UserID that is locket out
Alert: ${Alert}
Alert Message: ${AlertMessage}
System Detail: ${SystemSummaryFormatted}
System StatusOrErrorMessage: ${StatusOrErrorDescription}
${Node.Status}
${Node.StatusDescription}
Here is the event trigger. Nothing Fancy.
<?xml version="1.0"?>
-<QUERY><KIND>1</KIND>-<COMPLEX><TAG/><CONNECTIVE>1</CONNECTIVE><CHECKED>1</CHECKED>-<SIMPLE><TAG/><ALIAS/><ADVANCED>0</ADVANCED><COMPARISON>0</COMPARISON><FUNCTION>0</FUNCTION><SORT>0</SORT><CHECKED>1</CHECKED><LEFTSIDEKIND>2</LEFTSIDEKIND><RIGHTSIDEKIND>1</RIGHTSIDEKIND><COMPARISONATTRIBUTES/><FUNCTIONATTRIBUTES/><LEFTFIELDPATH>APM Applications.Application Name</LEFTFIELDPATH><RIGHTFIELDPATH/><LEFTVALUETYPE>0</LEFTVALUETYPE><LEFTVALUE/><LEFTCAPTION>Application Name</LEFTCAPTION><RIGHTVALUETYPE>8</RIGHTVALUETYPE><RIGHTVALUE>User Account Locked Out</RIGHTVALUE><RIGHTCAPTION>User Account Locked Out</RIGHTCAPTION></SIMPLE>-<SIMPLE><TAG/><ALIAS/><ADVANCED>0</ADVANCED><COMPARISON>5</COMPARISON><FUNCTION>0</FUNCTION><SORT>0</SORT><CHECKED>1</CHECKED><LEFTSIDEKIND>2</LEFTSIDEKIND><RIGHTSIDEKIND>1</RIGHTSIDEKIND><COMPARISONATTRIBUTES/><FUNCTIONATTRIBUTES/><LEFTFIELDPATH>APM Applications.Application Status</LEFTFIELDPATH><RIGHTFIELDPATH/><LEFTVALUETYPE>0</LEFTVALUETYPE><LEFTVALUE/><LEFTCAPTION>Application Status</LEFTCAPTION><RIGHTVALUETYPE>8</RIGHTVALUETYPE><RIGHTVALUE>Up</RIGHTVALUE><RIGHTCAPTION>Up</RIGHTCAPTION></SIMPLE></COMPLEX></QUERY>