Jump to content
[[Template core/front/profile/profileHeader is throwing an error. This theme may be out of date. Run the support tool in the AdminCP to restore the default theme.]]

Community Reputation

0 Neutral

My Information

  • Location
    Australia
  • Agent Count
    1000 - 1500 Agents
  1. Hi CliffO80 I did get it to work in the end, its not perfect, the name of the ticket still lists the Powershell script, but the content does have what im looking for. Its been a while though and i cant recall what changes i made to get it working. Below is a screen shot of all the settings in my monitor, hope it helps get yours working. Also put the Execute info below, pretty sure i didnt change this though. %windir%\System32\WindowsPowerShell\v1.0\powershell.exe "$allevents = Get-EventLog -LogName 'Security' -InstanceId 4625 -After ([DateTime]::Now.AddDays(-1)) -ErrorAction SilentlyContinue | Select-Object TimeGenerated, @{Name='TargetUserName' ; Expression={$_.ReplacementStrings[5]} }, @{Name='WorkstationName' ; Expression={$_.ReplacementStrings[1] -replace '\$$'} }, @{Name='LogonType' ; Expression={$_.ReplacementStrings[10]}}, @{Name='IpAddress' ; Expression={$_.ReplacementStrings[-2]}}, @{Name='IpPort' ; Expression={$_.ReplacementStrings[-5]}} | Where-Object {$_.TargetUserName -ne $env:computername + '$' -and $_.TargetUserName -ne $env:computername -and $_.TargetUserName -ne '-' -and $_.TargetUserName -ne '@'} ; $allevents | Group-Object LogonType, TargetUserName | Where-Object {$_.Count -ge 8} | Sort-Object Count -Descending | FT Count, Name -autosize ; $allevents " Sorry for the large image. Hope it helps you get it working.
  2. Just need to apply the monitor only to your server group. I've turned the entire monitor off on ours though. Too noisy. Only setting up monitors for specific events now.
  3. I'm having the same issue would be interested if someone has a fix for it. Currently have a ticket with connectwise for the issue and i'm waiting to hear back. Will post if they give me a fix.
  4. Hi Guys I know this is an older post but hoping someone can still help me out as i think this will be a very useful monitor. I've tried setting it up as per captainu99's settings and when i test the monitor i can see results as expected but when it creates tickets the %results% seems to be pulling the powershell script instead of results. If i set %results% as the subject it does seem to pull the heading of the information through but gets cut off as its only the heading and obviously doesn't have enough room. Hoping someone can shed some light on what i might have missed in my setup
×
×
  • Create New...