Ad Widget

**gospodin.horoshiy** · 23-03-2009, 13:29

Try to check agent's log in debug mode

**plop** · 23-03-2009, 17:22

Hello,

Thanks for you answer.

I've started the agent in debug mode. I don't see any reference to Event Logs in the debug file.

Do I have to make some client-side modifications to enable event logs monitoring ?

**gospodin.horoshiy** · 23-03-2009, 17:38

No no configuration required
Well, if you don't see any references, then I think that item not assigned to the host(agent) for some reason. Is it enabled or disabled ?
In other case, you would see something like NOT_SUPPORTED or other errors related to eventlog[application] for example in your agent log. Try digging from server's side

Is it active or passive agent?

**krimson** · 23-03-2009, 18:12

Are you sure you enabled active checks in your zabbix agent configuration and set the hostname of the monitored server ? The hostname should match the hostname you defined in the zabbix database (case sensitive !).

**plop** · 24-03-2009, 16:56

Hello,

First, thank you for your help.

I've checked, the agent seems correct :

Code:

ZABBIX agent (active)

The hostname value is the same on both server and client.

I guess I'm doing wrong, but I can't figure where...

**Ranjit** · 11-03-2010, 14:42

I am having the same exact issue.

In the Overview screen, the row that is for collecting logs stays dark grey. On clicking the cell and then "Events", it takes me to the Events page and there is no data here.

However, the Status of the Item as reported by the Agent indicates there are no problems.

Any clues?

**Ranjit** · 25-03-2010, 01:27

Ok, i got this working finally and has to do with the agent side config.

The Hostname parameter in the zabbix_agentd.conf has to be configured properly and should be the exact name that one gives while *creating host on zabbix server* . This config has to be properly for all Active Checks.

Unfortunately, there is nothing logged in the agent side log as well even with Debug=4. And more as a problem, that is per design. The Zabbix Server will ask the agent to do the active checking only if the Hostname in the agent config is the same as the name of the Host configured on the Server.

At its basic level, this misunderstanding comes due the over-usage of words like host and server. In the Zabbix context, depending on what you are talking about, a host can mean,
- a system
- a FQDN
- a Zabbix name for a system (this is the problem) and so on.

Similarly, probably the Zabbix Server should be called Zabbix CMS or something similar.

When i am done with all the full config, will blog the whole process.

**plop** · 05-08-2010, 11:38

Hello,

This problem is back, as I have some time to experiment Zabbix 1.8.2.

I'm not able to get windows events...

The configuration of zabbix_agentd.conf seems to be correct, active checks enabled, correct case-sensitive hostname :

Code:

DebugLevel=0
LogFile=C:\Program Files\Zabbix Agent\Zabbix_agentd.log
EnableRemoteCommands=1
Server=192.168.40.10
Hostname=srv-vcm1
ListenPort=10050
ServerPort=10051
StartAgents=5

I see nothing in both agent logs or server logs.

My item is :
eventlog[Application]

The associated trigger :
{A-Journaux_Windows:eventlog[Application].logseverity(4)}=4

Why don't Zabbix have a easier way to monitor Windows event logs ? I mean, Microsoft Windows is not very rare in IT environments, why keep it so complicated... But I like to have so much choice.

I'm very close to the perfect monitoring solution, if anybody can help me...

Thank you in advance.

**zalex_ua** · 07-08-2010, 11:15

You should change the Host name into zabbix WEB-interface from "A-Journaux_Windows" to "srv-vcm1".
This is your mistake.

**plop** · 09-08-2010, 12:31

Originally posted by zalex_ua

You should change the Host name into zabbix WEB-interface from "A-Journaux_Windows" to "srv-vcm1".
This is your mistake.

Thank you for your help.

Sorry, but the hostname is right, I've checked it. I've just pasted the extract from the template... but the final configuration reflects the correct hostname.

Do you have some other clues ?

**hulting74** · 09-08-2010, 13:46

Hi

I have this working with the template i created, you can download it here. (bottom of the page, which also includes some screendumps) :-)

http://www.zabbix.com/wiki/howto/mon...ndows_eventlog

/S

**plop** · 18-08-2010, 09:43

Originally posted by hulting74

Hi

I have this working with the template i created, you can download it here. (bottom of the page, which also includes some screendumps) :-)

http://www.zabbix.com/wiki/howto/mon...ndows_eventlog

/S

Thank you for your help.

I have reproduced exactly the same configuration, but I can't see any logs.

I have some questions about your indications. On the triggers, which one is the correct syntax :

Code:

{srv-vcm1:eventlog[System].logseverity(0)}=4

or

Code:

{srv-vcm1:eventlog[System].logseverity(4)}=4

?
Your screenshots differs from your text indications.

I've tried both, but I see no changes.

I can't import the XML file you provide, it gives me the following error :

Code:

XML file contains errors. Fatal Error 5: Extra content at the end of the document [ Line: 335 | Column: 2 ]

If I remove the last line

Code:

</zabbix_export>

it imports successfully, but no new items or triggers are created.

Thanks everyone for your help.

Looking forward to reading from you.

**zalex_ua** · 19-08-2010, 02:46

Originally posted by plop

I have some questions about your indications. On the triggers, which one is the correct syntax :

Code:

{srv-vcm1:eventlog[System].logseverity(0)}=4

or

Code:

{srv-vcm1:eventlog[System].logseverity(4)}=4

?
Your screenshots differs from your text indications.

I've tried both, but I see no changes.

Indeed, the difference should not be.
According to the documentation
http://www.zabbix.com/documentation/...onfig/triggers

ARGUMENT in function 'logseverity' is ignored.

I've tested it personally - everything works according to the documentation.
In fact, on the forum are many examples where users are in parentheses use different numbers and think that they mean something. But they are wrong. There must be a either a number, I propose to use 0.
This I corrected recently these errors on Wiki. Now there is correct.
http://www.zabbix.com/wiki/howto/mon...ndows_eventlog

**plop** · 19-08-2010, 09:30

Originally posted by zalex_ua

Indeed, the difference should not be.
According to the documentation
http://www.zabbix.com/documentation/...onfig/triggers

ARGUMENT in function 'logseverity' is ignored.

I've tested it personally - everything works according to the documentation.
In fact, on the forum are many examples where users are in parentheses use different numbers and think that they mean something. But they are wrong. There must be a either a number, I propose to use 0.
This I corrected recently these errors on Wiki. Now there is correct.
http://www.zabbix.com/wiki/howto/mon...ndows_eventlog

Thank you for your help.

I've modified every trigger according to your information. Even if I change the number to catch ERROR, INFORMATION or WARNING, I see no changes in zabbix reporting.

Trigger :

Code:

{srv-vcm1:eventlog[Application].logseverity(0)}=1

Item :

Code:

eventlog[application]

How can I generate more logs ? (I've tried to change the parameter DebugLevel on zabbix agent, but no usable information is shown about event logs).

Thank everyone for your answers.

Ad Widget

Windows Event Logs

Windows Event Logs

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment