Join the Conversation
- Find Answers
- :
- Using Splunk
- :
- Other Using Splunk
- :
- Alerting
- :
- How to configure NPS to forward login error logs t...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
How to configure NPS to forward login error logs to Splunk server and set up an alert when accounts are locked?
Good morning...
I am very new to Splunk (I am sure that this is how a lot of people begin their posts....but anywho) and am trying to get info from an NPS server to a newly created splunk server. I need to troubleshoot some wireless issues with an Aerohive wireless infrastructure. I have the APs sending syslog data to Splunk and although it does in fact send info there, I need stuff specifically with login errors and possibly the ability to create alerts when accounts are locked.
Thanks in advance for the help.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I am new to Splunk as well, but this is what I did to get NPS event logging into Splunk.
First, NPS was set up to log to SQL. See https://technet.microsoft.com/en-us/library/dd197595%28v=ws.10%29.aspx and other documents on how to do this. (The SQL DB was set up by someone other than me so I can't provide good details)
Second, I installed the Splunk DBConnect application. With that I set up a DB connection to the NPS SQL database, and then defined database input of the type 'tail' with a "Rising Column" of the id field from the database. I didn't specify any special SQL query so I get all events, and I used the 'auto' interval method.
This seems to be working just fine.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @bucfan609
Just wanted to make sure, but are you actually referring to the Splunk for Wireless Networks app (https://apps.splunk.com/app/980/ ) in this post, or was that on accident? If not, then I'll remove that tag for you.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I am sorry. I didn't meant to tag that.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
No problem, just fixed it for ya.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Did you manage to get it working? what did you do to achieve it if you did get it working as im currently trying to evaluate on what data to create a dashboard for failures and login failures and lockouts.
Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!
Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.
Index This | What travels the world but is also stuck in place?
Discover New Use Cases: Unlock Greater Value from Your Existing Splunk Data
Continue Your Journey: Join Session 2 of the Data Management and Federation Bootcamp ...
