Alerting on errors in windows logs.


lwickline
05-09-2008, 17:09
I have read everything I can find on this site and no one seems to be just trying to alert on all errors in Windows logs. If I knew what was going to break I could set up a monitor for each individual event, but how do I alert on all errors?

What I have:
Zabbix 1.4.2

Item:
Description: Application log
Type: Zabbix Active
Key: eventlog[Application]
Type of information : log
Update every 30 seconds


Trigger:
Name: Application Log errors
Expression: {Template_Windows:eventlog[Application].logseverity(4)}=4

All I get is a status unknown. What is missing/wrong?

trikke
08-09-2008, 15:05
Use:

eventlog[Application,.*]

and maybe

Keep history = 1

Now you should see all events from your Eventlog coming into the history.

Trigger seems OK.

Greets
Patrick

bbrendon
09-09-2008, 00:50
> Trigger:
> Name: Application Log errors
> Expression: {Template_Windows:eventlog[Application].logseverity(4)}=4
>
> All I get is a status unknown. What is missing/wrong?

There is a good reason. You're going to get a bunch of useless alerts. The only way to alert with Windows logs is to use many inputs from the eventlog.

And for me, eventlog monitoring for some servers causes the agent to crash :(

lwickline
09-09-2008, 01:07
> There is a good reason. You're going to get a bunch of useless alerts. The only way to alert with Windows logs is to use many inputs from the eventlog.
>
> And for me, eventlog monitoring for some servers causes the agent to crash :(

For these servers there should be no useless alerts. If a stop happens, something broke. Might not be critical but I need someone to go look.

They seem to be working now. The next step is to be more specific and make dependencies for the critical items to be sent to a pager and the rest to a mailbox.