I have created a Template for monitoring eventlog on a Microsoft Windows machine, tested on Windows 2003 Standard Edition.

Standard Eventlog

• eventlog[application] for the Application log in Eventviewer.
• eventlog[security] for the Security log in Eventviewer.
• eventlog[system] for the System log in Eventviewer.

Which are added to the template ex Template_Eventviewer
Active Directory enabled device

• eventlog[Directory Service]
• eventlog[DNS Server]
• eventlog[File Replication Service]

Make the items as shown in the picts on my page and you are fine, though it would be nice if it only showed the events from 24 hours ago… But im working on it, if anyone of you outthere have any ideas.

• {Template_Eventviewer:eventlog[System].logseverity(0)}=1 means INFORMATION message from System event log.
• {Template_Eventviewer:eventlog[System].logseverity(0)}=2 means WARNING message from System event log.
• {Template_Eventviewer:eventlog[System].logseverity(0)}=4 means HIGH message from System event log.
• {Template_Eventviewer:eventlog[System].logseverity(0)}=8 means SECURITY message from System event log.

Usually i try to add everything to the same Template, ex Template_Eventviewer and then add it to the devices that require it.

• Example picts for ITEMS and TRIGGERS:

http://picasaweb.google.se/stefan.hulting/Zabbix#
To download XML file: eventlog
* Update = corrected logseverity numbers.
* Update 2009-01-19 = Added internal link to XML file.
* Update 2009-03-13 = Added some more information to clarify.

Have fun and good luck