Monitoring Non-Domain servers with local credentials.

Question

We have alert from alert logic which is monitoring the servers, Alert :&nbsp;" Excessive&nbsp;Windows&nbsp;Failed Logins " because we have configured the collector on server which inside the domain and monitoring the few Non-domain windows servers (work group), logic monitor is trying to fetch data with domain credentials and if it fails then it tries with local credentials (WMI USER and WMI PASS) so there is are thousands of rejected or invalid windows logs generated when each time LM tries to fetch data from Non-Domain&nbsp;servers.&nbsp;These rejected sessions create alerts, so LM has to deeply look into these kind of issues and address them with better solution,as on date there is no solution for this except that we have to install additional collector on ND&nbsp;server&nbsp;and &nbsp;monitor ND servers.

mnagel · Answer

I agree -- presence of&nbsp;explicit wmi credentials should mean those are used instead of the collector service account. &nbsp;Worst case, there should be a property to indicate that, but I think that should be the default behavior.

&nbsp;

Forum Discussion

Monitoring Non-Domain servers with local credentials.

1 Reply

Related Content

Domain joined collector polling non-domain joined device

Managing credentials

Process Monitoring

Meraki monitoring within Logic Monitor

Process monitoring (Linux)

Recent Discussions

Dashboard Sharing – An Inline Framing Method

2021-12-15 US Office Hours

Live Training - Tuning Datapoints and Alerts - 15th JUNE 2022 - APAC

Live Training - Introduction to Dashboards - 18th MAY 2022 - APAC

2022-05-11- APAC Product Overview -Collectors, Resources/Groups, Dashboards