more information here

Hi

Try the Wiki

http://www.zabbix.com/wiki/howto/mon...ndows_eventlog

:-)

/S

Hi hulting74

the wiki article is fine, but it won't help that much except showing the idea and principle.

Event-IDs are not support by ZABBIX up to 1.6.x.
They are supported from 1.7.x on and will appear in 1.8.
The Event-Id field will be in the DB and triggers can be defined using
it.
However, we don't use 1.7.x, yet. So I don't know how to specify the trigger
exactly.

We must use the Event-Id now, so we did a patch for it for the
windows agent as well as for the server.

Regards,

Norbert.

Monitoring Event Log

Thanks for the info, we only have version 1.4 and I doubt I can get them to upgrade. Thanks so much for your input.

I have looked at the wiki a hundred times and it hasn't helped and I just read a thread today that got me 1 step further.

We now have version 1.8 and I got this to work just today
{myserver:eventlog[Application].logsource(SceCli)}=1

But that is looking for a source not an Event ID and when I try either of these it doesn't work, what is the function you use to specify the Event ID? because .logeventid isn't one.

{myserver:eventlog[Application]eventid(1704)}=1
({myserver:eventlog[Application].logsource(SceCli)}=1)&({myserver:eventlog[Application]eventid(1704)}=1)

I really want to search for a specific Event ID and Source together to make the trigger more specific.