Alerting on errors in windows logs.

  • lwickline
    Junior Member
    • Sep 2008
    • 12

    #1

    Alerting on errors in windows logs.

    I have read everything I can find on this site and no one seems to be just trying to alert on all errors in Windows logs. If I knew what was going to break I could set up a monitor for each individual event, but how do I alert on all errors?

    What I have:
    Zabbix 1.4.2

    Item:
    Description: Application log
    Type: Zabbix Active
    Key: eventlog[Application]
    Type of information : log
    Update every 30 seconds


    Trigger:
    Name: Application Log errors
    Expression: {Template_Windows:eventlog[Application].logseverity(4)}=4

    All I get is a status unknown. What is missing/wrong?
  • trikke
    Senior Member
    • Aug 2007
    • 140

    #2
    Use:

    eventlog[Application,.*]

    and maybe

    Keep history = 1

    Now you should see all events from your Eventlog coming into the history.

    Trigger seems OK.

    Greets
    Patrick

    • bbrendon
      Senior Member
      • Sep 2005
      • 870

      #3
      Originally posted by lwickline
      Trigger:
      Name: Application Log errors
      Expression: {Template_Windows:eventlog[Application].logseverity(4)}=4

      All I get is a status unknown. What is missing/wrong?

      There is a good reason. You're going to get a bunch of useless alerts. The only way to alert with Windows logs is to use many inputs from the eventlog.

      And for me, eventlog monitoring for some servers causes the agent to crash.

      • lwickline
        Junior Member
        • Sep 2008
        • 12

        #4
        Originally posted by infinity005
        There is a good reason. You're going to get a bunch of useless alerts. The only way to alert with Windows logs is to use many inputs from the eventlog.

        And for me, eventlog monitoring for some servers causes the agent to crash

        For these servers there should be no useless alerts. If a stop happens something broke. Might not be critical but I need someone to go look.

        They seem to be working now. The next step is to be more specific and make dependencies for the critical items to be sent to a pager and the rest to a mailbox.
