Monitor Failed Logins To Windows VM

_nic
Jan 28, 2022


I wanted a simple way to make logins to some Azure VMs more transparent. You can dig around in the Event Logs for failed logins, but I wanted to monitor for a failed login, write a log file, send it to InfluxDB, visualize it with Grafana, and send an alert.

My solution consists of two files on disk.

  • A Scheduled Task that monitors “Microsoft Event” logs for Event ID: 4625
  • A PowerShell script that writes a log file on disk and sends an Invoke-WebRequest to an InfluxDB server with the data in Line Protocol (to be visualized with Grafana for setting alerts)

Once it’s up and running, it’s been great, and it’s easy to copy and set up on other servers.
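
The script half of the setup described above, as an added example (not the author's script): it reads the newest 4625 event, appends a line to a local log, and posts one Line Protocol point. The InfluxDB 1.x `/write` URL, the database `security`, the measurement `failed_login`, the host name and the log path are assumptions.

```powershell
# Added example; not the author's script. Assumed: InfluxDB 1.x /write endpoint,
# database "security", measurement "failed_login", and the URL/path defaults below.
param(
    [string]$InfluxUrl = 'http://influxdb.example.internal:8086/write?db=security&precision=s',
    [string]$LogFile   = 'C:\Logs\failed-logins.log'
)

# Escape a value for a Line Protocol string field. The user name and source
# address in event 4625 come from whoever attempted the login, so control
# characters are stripped and double quotes / backslashes are escaped.
function ConvertTo-InfluxString([string]$Value) {
    if ([string]::IsNullOrEmpty($Value)) { return '-' }
    $clean = $Value -replace '[\x00-\x1f]', ''
    return ($clean -replace '(["\\])', '\$1')
}

# Newest failed-logon event from the Security log (requires rights to read it).
$evt = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4625 } -MaxEvents 1 -ErrorAction Stop

# Flatten <EventData><Data Name="...">value</Data> into a hashtable.
$data = @{}
foreach ($d in ([xml]$evt.ToXml()).Event.EventData.Data) { $data[$d.Name] = $d.'#text' }

$user = ('{0}\{1}' -f $data['TargetDomainName'], $data['TargetUserName']) -replace '[\x00-\x1f]', ''
$ip   = ([string]$data['IpAddress']) -replace '[\x00-\x1f]', ''
$type = [int]$data['LogonType']
$ts   = ([DateTimeOffset]$evt.TimeCreated).ToUnixTimeSeconds()

# 1) Local log file first, so a record exists even if InfluxDB is unreachable.
$logLine = '{0:o} host={1} user="{2}" src_ip={3} logon_type={4}' -f `
    $evt.TimeCreated, $env:COMPUTERNAME, $user, $ip, $type
Add-Content -Path $LogFile -Value $logLine

# 2) Line Protocol point. user and src_ip are string fields, not tags: a tag
#    per attempted user name would create a new series for every guess.
$point = 'failed_login,host={0},logon_type={1} user="{2}",src_ip="{3}",count=1i {4}' -f `
    $env:COMPUTERNAME, $type, (ConvertTo-InfluxString $user), (ConvertTo-InfluxString $ip), $ts

try {
    Invoke-WebRequest -Uri $InfluxUrl -Method Post -Body $point -UseBasicParsing | Out-Null
} catch {
    Add-Content -Path $LogFile -Value ('{0:o} influx write failed: {1}' -f (Get-Date), $_.Exception.Message)
}
```

Because each run reads only the newest event, a burst of failures that fires the task several times in quick succession can record the same event more than once and miss others.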
