I'm totally new to SCOM. I need detailed steps in creating a monitoring in scom 2012, when ever someone who is not authorized to login, attempted to login set of machines I need to get an email alert. How can I do it? please Help.
Asked
Active
Viewed 484 times
1 Answers
0
You have to create an event based monitor and look in the security log for the ID's associated with the events you want to trap.
This post describes it best:
Here's a video on how you do it. https://www.youtube.com/watch?v=HbYtnd2pemc
After the above is set up, you'll need to create the alert notification. You'll add yourself as a Subscriber in the admin panel of SCOM and create a subscription to email you the (Subscriber). Then you'll attach that subscription to the rule you created in the document above.
You'll see the detail steps here: https://technet.microsoft.com/en-us/library/hh212725(v=sc.12).aspx
You're asking a really broad question with lots of different steps, but this will get you started.
Henry
- 2,953
- 2
- 21
- 34