Use this Knowledge Script to monitor the rate of Kerberos Key Distribution Center (KDC) requests. The Key Distribution Center provides services for authentication and security. This script lets you set thresholds for Authentication Service (AS) requests per second and Ticket Granting Service (TGS) requests per second. In addition, this script raises an event if either threshold is exceeded.
HINT:This scripts monitors the number of authentications per second coming into the KDC. A burst indicates a surge of logon traffic.
This script gathers the following Windows performance counter values for use in data collection and threshold monitoring:
Performance Objects |
Counters |
---|---|
NTDS Security System-Wide Statistics |
KDC AS Requests KDC TGS Requests |
Active Directory domain controller
The default interval for this script is Every 30 minutes.
Set the following parameters as needed:
Parameter |
How to Set It |
---|---|
General Settings |
|
Raise event if job fails |
|
Event severity when job fails |
Set the severity level, from 1 to 40, to indicate the importance of an event in which the KDCRequests job fails. The default is 35. |
Monitor KDC request rate |
|
Event Notification |
|
Raise event if KDC request rate exceeds a threshold? |
Select Yes to raise an event if the KDC request rate exceeds the threshold you set. The default is Yes. |
Threshold -- Maximum Authentication Service request rate |
Specify the maximum number of Authentication Service requests allowed per second before an event is raised. The default is 20 requests per second. |
Threshold -- Maximum Ticket Granting Service request rate |
Specify the maximum number of Ticket Granting Service requests allowed per second before an event is raised. The default is 20 requests per second. |
Event severity when either threshold exceeded |
Set the severity level, from 1 to 40, to indicate the importance of an event in which a threshold is exceeded. The default is 20. |
Data Collection |
|
Collect data for KDC request rates? |
Select Yes to collect data for charts and reports. If enabled, data collection returns the rate of Authentication Service and Ticket Granting Service requests (requests/ second) during the monitoring interval. The default is unselected. |