Submit a ticketCall us

Don’t fall victim to a ransomware attack
Backups are helpful, but sometimes that’s not enough to protect your business against ransomware. At our live webcast we will discuss how to protect against ransomware attacks with SolarWinds® Patch Manager and how to leverage log data to detect ransomware. Register now for our live webcast.

Home > Success Center > Server & Application Monitor (SAM) > Create a Report on Captured Account Lockout Event Logs

Create a Report on Captured Account Lockout Event Logs

Table of contents
Created by Tiarnan Stacke, last modified by MindTouch on Jun 23, 2016

Views: 231 Votes: 1 Revisions: 4

Overview

This article provides steps on how to create a report on Account Lockout Events which are captured by SAM.

Environment

All Versions of SAM

Detail

First, apply the Windows Domain Controller Template to your DC in SAM

 

Please see this link for steps on how to apply the template to your DC Node.

 

Creating the Report:

  1. Open the Orion Web Console.
  2. Go to the Settings page > Manage Reports > Create New Report.
  3. Choose the Custom Table Resource.
  4. Select and continue.
  5. Change the Selection Method to Advanced DataBase Query (SQL, SWQL).
  6. Change the Radial button to SQL.
  7. Paste the following SQL Query into the window

    2008/2012 Domain Controller
    SELECT TOP 1000 [ComponentID]
          ,[LogFile]
          ,[RecordNumber]
          ,[ComponentStatusID]
          ,[EventType]
          ,[EventCode]
          ,[TimeGeneratedUtc]
          ,[ComputerName]
          ,[SourceName]
          ,[User]
          ,[Message]
    FROM APM_WindowsEvent_Detail
    WHERE EventCode = '4740'
    ORDER BY TimeGeneratedUtc DESC


    2003 Domain Controller
    SELECT TOP 1000 [ComponentID]
          ,[LogFile]
          ,[RecordNumber]
          ,[ComponentStatusID]
          ,[EventType]
          ,[EventCode]
          ,[TimeGeneratedUtc]
          ,[ComputerName]
          ,[SourceName]
          ,[User]
          ,[Message]
    FROM APM_WindowsEvent_Detail
    WHERE EventCode = '539'
    ORDER BY TimeGeneratedUtc
    DESC
  8. Click Add to Layout.
  9. Add all of the columns you want to see in the report.
  10. Save the changes and save the report.

 

If you want to schedule this report in an email, follow the steps in this document.

 

Last modified
02:49, 23 Jun 2016

Tags

Classifications

Public