Put some plain language into the error messages
Created: 20 Aug 2009 | 4 comments
The email looks like this:
Number of system events detected: 2
System events included:
Server,
Replication,
Backup/Restore,
Errors.
The detail looks like this:
| 08/20/2009 07:28:18 | <server FQDN> | <server name> | Severe | An unexpected exception has occurred | [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 52e, vece |
Plain language translation:
"Someone tried logging into the SEPM using invalid credentials."
It would be nice if it also had the user name that was attempted as well as the source IP address.
Thanks for listening,
Ray
idea Filed Under:
Comments
the LDAP error is because you have AD authentication
and is formatted that way because that is the way that Microsoft writes the error.
Hmmm...
Hi Jeremy,
Dare I point out that we use AD authentication with Tripwire and while their raw error message contains that same text (I remember the "vece" part fondly), they do report the other details in their alerts? :-)
It's just that it is a 99% useless error message. It requires me to obliquely recognize what it really means after I open the MHT attachment and then request one of the infrastructure folks track down what happened because security does not have access to AD (separation of duties and all that). It requires that at least two people get involved for each failed authentication alert.
If the alert had the user name and source IP, I could handle it myself immediately.
I won't go into what has to happen when it occurs off-hours and I can't open the MHT attachment on my phone. :-)
Ray
I do agree with you
that we should include more useful information on our alerts/notifications as well as being able to have them sent in another format.
I had the same reaction the first time I had a case where the customer was wondering what in the world that error referred to.
It is a good idea.
It is a good idea.
Please don't forget to mark your thread solved with whatever answer helped you : ) Thanks & Regards Aravind
Would you like to reply?
Login or Register to post your comment.