Jump to content

Wupsje

Members
  • Content Count

    52
  • Joined

  • Last visited

  • Days Won

    1

Wupsje last won the day on January 17

Wupsje had the most liked content!

Community Reputation

2 Neutral

My Information

  • Agent Count
    1500+

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

  1. I looked but apparently we deleted this one. You can easily set it up yourself. you can either search and find the eventlog on the agent that it happened on. Right click it and select Create Event Monitor. Or you could create a monitor with the event id (39) and source iScsiPrt
  2. I think there is a eventid you could watch for that alerts on failed Scheduled tasks.
  3. Wupsje

    Linux - Monitor INODES

    You could setup an remote monitor that parses the df -i output and trigger above a certain percentage.
  4. You could either work this into an remote monitor or an internal monitor. your call. Those monitors you could setup through groups and searches. It's based on eventlogs that are being generated. I tink we setup an search that finds machines with the iscsi initiator installed and the service as automatic/running. And deploy eventlog remote monitor.
  5. Hi, I've posted the XML somewhere in this thread. You can import that. If the parameters give you any trouble. Just replace @paramater@ with a simple fixed value. That should do it.
  6. I'm unsure why it's not working for you. You could use replace that parameters with a fixed value.
  7. Hi, I've found and modified a powershell script that can output HTML and do roughly the same. You will need to setup an SMTP relay server, account and the appropriate email address. Parameters are optional, it will use defaults if you leave them blank. It will email a report. The body and attachment contain the tree sorted by size. If you open the attachment in a browser javascript will kick it to make it expandable. like so: Treesize (Email).xml
  8. Wupsje

    EV - Failed Logins* - making it usable?

    If you set an alert template that creates a ticket and has %RESULT% somewhere in to alert message on failure. you're set.
  9. It seems they (WR) might have a fix soon.. https://community.webroot.com/t5/Webroot-SecureAnywhere-Complete/Task-Manager/td-p/309032/page/14
  10. Wupsje

    File Server Active Ransomware Protection

    Nice, We've already had a working powershell in LT that downloads the filelist from that site. It's only alerting though. Never got around to scripting a SMB Block. Might implement that still.. although it's been quiet on the ransomware infection side recently *crosses fingers*
  11. Wupsje

    EV - Failed Logins* - making it usable?

    Sure, does this help you out? We're settings this on our groups so that it runs on all windows servers.
  12. Wupsje

    EV - Failed Logins* - making it usable?

    We're also using an remote monitor. Since eventlogs get cleared out quickly (DB size) and don't always work right. Offloading it to the remote agent works well. I've formatted the output so you group on anything (eg username, IP address, LogonType). We use this output in a ticket so we can have a technician deep dive into the system %windir%\System32\WindowsPowerShell\v1.0\powershell.exe "Get-EventLog -LogName 'Security' -InstanceId 4625 -After ([DateTime]::Now.AddDays(-1)) -ErrorAction SilentlyContinue | Select-Object TimeGenerated, @{Name='TargetUserName' ; Expression={$_.ReplacementStrings[5]} }, @{Name='WorkstationName' ; Expression={$_.ReplacementStrings[1] -replace '\$$'} }, @{Name='LogonType' ; Expression={$_.ReplacementStrings[10]}}, @{Name='IpAddress' ; Expression={$_.ReplacementStrings[-2]}}, @{Name='IpPort' ; Expression={$_.ReplacementStrings[-5]}} | Where-Object {$_.TargetUserName -ne $env:computername + '$' -and $_.TargetUserName -ne $env:computername -and $_.TargetUserName -ne '-' -and $_.TargetUserName -ne '@'} | Group-Object LogonType, TargetUserName | Where-Object {$_.Count -ge 30} | Sort-Object Count -Descending | FT Count, Name -autosize"
  13. Wupsje

    How to deploy Bios updates remotely in mass.

    Would be nice. We are doing it manually now...
  14. Wupsje

    How to deploy Bios updates remotely in mass.

    Anybody have to deal with HP laptops and desktops yet?
×