Does anyone know if the logmon probe, in command mode, only supports certain types of commands on Windows? I ask because I'm trying to monitor this command:
change logon /query
which tells you if logons are disabled for a server or not. The output in the command prompt is a single simple line
Session logins are currently ENABLED or Session logins are currently DISABLED
I want to monitor on ENABLED using regex, but it just flat out doesn't work. I tried troubleshooting this using the nexec probe and the ouput shows up in the STDERR field. Error? Really? What am I missing? Have I found yet another bug?