Event Log Monitoring


jaxxm
07-10-2009, 16:53
Can someone please put together a proper event log monitor how-to, including items, triggers, etc.? I just cannot find anything in the forum. I have set up the items as suggested. Is there any way I can check if the value is being queried by the server: is the server even sending the query, is the agent getting the query, is it sending it back, is the server receiving the query, etc.? Active agent queries cannot be checked on the command line as far as I can make out.

My idea is to check the /var/log/secure log for the word "Accepted", as this will mean somebody has logged in to the system successfully (could be somebody that wants to crack the system).

I tried to check the agent log files and I don't see any errors or queries coming in, but the Zabbix server also does not show any errors in the GUI to say it cannot send the query.

Any ideas, anyone??

Buxton69
08-10-2009, 09:51
If you put the debug level to 4 on both the Zabbix server and the server running the agent, you can see the requests and successes, but there is going to be a LOT of information generated into the Zabbix log and the event viewer system log. It's not easy, especially when there are errors, as they are not completely clear when it's for the active agent.

I'm having a lot of problems monitoring the event logs and most of it is posted here: http://www.zabbix.com/forum/showthread.php?t=13698 but it appears as if no one has a clue about troubleshooting this or why it doesn't work, but a proper guide would be good. There is a slight entry in the wiki, http://www.zabbix.com/wiki/howto/monitor/os/windows/monitoring_microsoft_windows_eventlog and http://www.zabbix.com/wiki/howto/monitor/os/windows/monitoringwindows, but I'm guessing you want more than this.

Good luck

jaxxm
08-10-2009, 13:23
I think I found it..

Make sure the hostname in the zabbix_agentd.conf file on the monitored host (for active monitoring) has exactly the same name as the host description in the Zabbix GUI.

Hope this helps someone.

:)
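
One way to run the check from the last post on the monitored host, as an added example that is not part of the original thread and not Zabbix's own tooling. The function names `agent_hostname` and `check_hostname`, the sample host name and the sample config are constructed for illustration; the GUI host name is something you pass in yourself.

```shell
#!/bin/sh
# Added example. Function names and the sample host name are hypothetical.

# Print the Hostname value an agent config file sets. Commented-out lines
# are skipped, "HostnameItem" is not matched, and the last occurrence is
# used. Trimming spaces around "=" and at the end is this script's
# assumption.
agent_hostname() {
    sed -n 's/^[[:space:]]*Hostname[[:space:]]*=[[:space:]]*//p' "$1" 2>/dev/null \
        | sed 's/[[:space:]]*$//' | tail -n 1
}

# check_hostname CONF GUI_NAME
# returns 0 = exact match, 1 = mismatch, 2 = unreadable file or no Hostname
check_hostname() {
    conf=$1
    gui_name=$2
    if [ ! -r "$conf" ]; then
        echo "cannot read $conf"
        return 2
    fi
    actual=$(agent_hostname "$conf")
    if [ -z "$actual" ]; then
        echo "no Hostname line in $conf"
        return 2
    fi
    if [ "$actual" = "$gui_name" ]; then
        echo "match: '$actual'"
        return 0
    fi
    # The post asks for exactly the same name, so a case-only difference
    # is still reported as a mismatch, just labelled separately.
    lc_actual=$(printf '%s' "$actual" | tr '[:upper:]' '[:lower:]')
    lc_gui=$(printf '%s' "$gui_name" | tr '[:upper:]' '[:lower:]')
    if [ "$lc_actual" = "$lc_gui" ]; then
        echo "mismatch (letter case only): conf='$actual' gui='$gui_name'"
    else
        echo "mismatch: conf='$actual' gui='$gui_name'"
    fi
    return 1
}

# Constructed sample config, written to a temporary file for the demo.
demo_conf=$(mktemp)
printf '%s\n' '# Hostname=old-name' 'Server=192.0.2.10' \
    'Hostname=web01.example.com' > "$demo_conf"
check_hostname "$demo_conf" "Web01.example.com" || true
rm -f "$demo_conf"
```

To use it for real, call `check_hostname` with the path to the host's own zabbix_agentd.conf and the host name copied from the GUI.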