Ad Widget

**Mindaugas** · 29-04-2009, 20:24

Should I have to create special zabbix account in a domain (or local account) to gather information from Windows Event logs?

**jroberson** · 01-05-2009, 16:56

Are you using "Zabbix agent (active)" as your check type? If you already are, then you need to make sure the zabbix_agentd.conf file on the hosts side to make sure that the "Hostname=" option for each host is the same as the name of the host in Zabbix. There is no need for a special account (I don't think so at least) if Zabbix Agent is run as a system service (as local admin) on the Win2k3 servers.

**Mindaugas** · 20-05-2009, 10:53

Originally posted by jroberson

Are you using "Zabbix agent (active)" as your check type? If you already are, then you need to make sure the zabbix_agentd.conf file on the hosts side to make sure that the "Hostname=" option for each host is the same as the name of the host in Zabbix. There is no need for a special account (I don't think so at least) if Zabbix Agent is run as a system service (as local admin) on the Win2k3 servers.

Zabbix agent (active) - OK
Same hostname in zabbix_agentd.conf and hostname at Zabbix - OK
Zabbix Agent service starts as Local System Account - OK

I've tried and other account with Administrator privileges on the server and domain - the same - NOT WORKING.

What else I can do?

**jroberson** · 20-05-2009, 15:31

What is your key definition for the item(s)? I use "eventlog[System]" to monitor my system logs.

**Mindaugas** · 20-05-2009, 15:46

Key definition is the same. See attached image.

Attached Files

**jroberson** · 20-05-2009, 16:17

Well, that is exactly like mine! Three other things you might try.

1: Make sure port 10051 is not blocked. Active checks are done through a different port than passive checks.

2: Make sure that the option "DisableActive" is not set. (not =1)

3: Set your log levels to 4 in the config file and watch the log for when it sends active checks. You should see something like this:

Code:

  2764:20090520:090819 JSON before sending [{
	"request":"agent data",
	"data":[
		{
			"host":"[B]Hostname[/B]",
			"key":"eventlog[System]",
			"value":"The ZABBIX Agent service was successfully sent a stop control.\r\n",
			"lastlogsize":58080,
			"timestamp":1242828494,
			"source":"Service Control Manager",
			"severity":1,
			"clock":1242828494},
		{
			"host":"[B]Hostname[/B]",
			"key":"eventlog[System]",
			"value":"The ZABBIX Agent service was successfully sent a start control.\r\n",
			"lastlogsize":58081,
			"timestamp":1242828494,
			"source":"Service Control Manager",
			"severity":1,
			"clock":1242828494},
		{
			"host":"[B]Hostname[/B]",
			"key":"eventlog[System]",
			"value":"The ZABBIX Agent service entered the running state.\r\n",
			"lastlogsize":58082,
			"timestamp":1242828494,
			"source":"Service Control Manager",
			"severity":1,
			"clock":1242828494},
		{
			"host":"[B]Hostname[/B]",
			"key":"script.test",
			"value":"[B]username[/B]",
			"clock":1242828495}],
	"clock":1242828499}]
  2764:20090520:090819 JSON back [{
	"response":"success",
	"info":"Processed 4 Failed 0 Total 4 Seconds spent 0.004746"}]
  2764:20090520:090819 In check_response({
	"response":"success",
	"info":"Processed 4 Failed 0 Total 4 Seconds spent 0.004746"})
  2764:20090520:090819 Info from server: Processed 4 Failed 0 Total 4 Seconds spent 0.004746

(Your mileage may vary)

You can see the "info" fields saying that 4 events were processed and 0 failed etc. You should also check your Zabbix_server log file as well.

NOTE: Be sure to set the log level in the config file back to "0" or "1" (or "3" if you must

) as it will grow quite fast

**Mindaugas** · 03-06-2009, 17:50

Hi again,
I've installed Zabbix Agent from this install package http://www.suiviperf.com/zabbix/ on 5 servers and now Zabbix server started to collect Windows Event Log information from one server but it is still not collecting information from 4 servers. Configuration is identical on all 5 servers, firewall is turned off on all of them.

Extract from Zabbix Agent log from one of the servers which information is not collected:
5380:20090603:182835 JSON back [{
"response":"success",
"info":"Processed 0 Failed 100 Total 100 Seconds spent 0.005849"}]
5380:20090603:182835 In check_response({
"response":"success",
"info":"Processed 0 Failed 100 Total 100 Seconds spent 0.005849"})

I can't understand, why if configuration is the same, 4 of the 5 servers fails to send information to zabbix server.
Please help me if someone has an idea.

**jroberson** · 05-06-2009, 15:26

Does your Zabbix_server.log show anything regarding these failed checks? You'll have to dig a bit and may need to set a higher debug level in the server config.

**hiacine** · 19-06-2009, 20:11

Hi

Perhaps the port is not open or the agent config file is not ok.

Try this from your zabbix server :

Code:

telnet IpAdressOfYourHost 10050

Then

Code:

agent.version

You must get the agent version.

If it tell you connection closed there is a problem.
Could you show us your agent config file ?

**Mindaugas** · 19-06-2009, 21:44

Hi,
Thank You for your answer.
I can telnet to monitored host from Zabbix-Proxy server. When I'd issue agent.version command I've got this answer:
ZBXD1.6.4Connection closed by foreign host

So, this is not a closed port problem...

zabbix_agentd.conf
# This is config file for zabbix_agentd
# To get more information about ZABBIX, go http://www.zabbix.com
#

############ GENERAL PARAMETERS #################

# List of comma delimited IP addresses (or hostnames) of ZABBIX servers.
# No spaces allowed. First entry is used for sending active checks.
# Note that hostnames must resolve hostname->IP address and
# IP address->hostname.

Server=10.10.10.6

# Server port for sending active checks

ServerPort=10051

# Unique hostname. Required for active checks.

Hostname=kzpaapp

# Listen port. Default is 10050

ListenPort=10050

# IP address to bind agent
# If missing, bind to all available IPs

#ListenIP=127.0.0.1

# Number of pre-forked instances of zabbix_agentd.
# Default value is 5
# This parameter must be between 1 and 16

StartAgents=5

# How often refresh list of active checks. 2 minutes by default.

#RefreshActiveChecks=120

# Disable active checks. The agent will work in passive mode listening server.

#DisableActive=1

# Enable remote commands for ZABBIX agent. By default remote commands disabled.

EnableRemoteCommands=1

# Specifies debug level
# 0 - debug is not created
# 1 - critical information
# 2 - error information
# 3 - warnings
# 4 - information (default)
# 5 - for debugging (produces lots of information)

DebugLevel=4

# Name of PID file

#PidFile=C:\Program Files\Zabbix Agent/Zabbix_agentd.pid

# Name of log file.
# If not set, syslog will be used

LogFile=C:\Program Files\Zabbix Agent\Zabbix_agentd.log

# Spend no more than Timeout seconds on processing
# Must be between 1 and 30

Timeout=5

##### Experimental options. Use with care ! #####

# Get rid of sockets in TIME_WAIT state
# This will set socket option SO_LINGER

# NoTimeWait=1

##### End of experimental options
####### USER-DEFINED MONITORED PARAMETERS #######
# Format: UserParameter=<key>,<shell command>
# Note that shell command must not return empty string or EOL only
#UserParameter=system.test,who|wc -l
### Set of parameter for monitoring MySQL server (v3.23.42 and later)
### Change -u<username> and add -p<password> if required
#UserParameter=mysql.ping,mysqladmin -uroot ping|grep alive|wc -l
#UserParameter=mysql.uptime,mysqladmin -uroot status|cut -f2 -d":"|cut -f1 -d"T"
#UserParameter=mysql.threads,mysqladmin -uroot status|cut -f3 -d":"|cut -f1 -d"Q"
#UserParameter=mysql.questions,mysqladmin -uroot status|cut -f4 -d":"|cut -f1 -d"S"
#UserParameter=mysql.slowqueries,mysqladmin -uroot status|cut -f5 -d":"|cut -f1 -d"O"
#UserParameter=mysql.qps,mysqladmin -uroot status|cut -f9 -d":"
#UserParameter=mysql.version,mysql -V

**hiacine** · 20-06-2009, 09:04

Your config file seems to be good.

Do you see something in your zabbix console ?

Monitoring --> Last data

click on the link history wich is in
Windows_Logs --> System Log --> history

Something like this :

Attached Files

**Mindaugas** · 20-06-2009, 09:36

Of course, not. As I've wrote earlier, I've been monitoring 5 servers with identical Zabbix Agent and Firewall (turned off) configuration, Windows Logging works on one of them, others logs are empty.

Ad Widget

Zabbix Server is not collecting Windows Log information

Zabbix Server is not collecting Windows Log information

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment