8 years ago

Monitoring Non-Domain servers with local credentials.

We have an alert from Alert Logic, which is monitoring the servers: "Excessive Windows Failed Logins". It occurs because we have configured the collector on a server which is inside the domain and are monitoring a few non-domain Windows servers (workgroup). LogicMonitor tries to fetch data with domain credentials, and if that fails it tries local credentials (WMI USER and WMI PASS), so thousands of rejected or invalid Windows logs are generated each time LM tries to fetch data from the non-domain servers. These rejected sessions create alerts, so LM has to look deeply into these kinds of issues and address them with a better solution. As of today there is no solution for this except that we have to install an additional collector on an ND server and monitor the ND servers.

  • I agree -- the presence of explicit WMI credentials should mean those are used instead of the collector service account.  Worst case, there should be a property to indicate that, but I think that should be the default behavior.