Hi,
I am trying to monitor logs from Windows Event Viewer for System errors. I have setup template, triggers and items all fin.
I setup item like this:
Type: Zabbix agent (active)
Key: eventlog[system]
type of information: log
update interval: 30
keep history: 90
Status: Active
Applications: WindowsEventLogs
I setup my trigger with this expression: (to pickup system ERROR)
{Windows Logging:eventlog[System].logseverity(4)}=4
I made sure my "host=" matches the hostname configured on the server. I didnt set flag for disableActive and disablePassive.
All my other triggers and checks works just cant get windows event log monitoring to work.
I tried to telnet to the 10051 port, doesnt return anything, also no error saying its blocked. (i will check with IT) but thought i'd ask to see if i am missing something.
Application does not show up in "Latest Data" for the "WindowsEventLogs".
Help?
Here is my config file on the host(s):
############ GENERAL PARAMETERS #################
### Option: DebugLevel
# Specifies debug level
# 0 - no debug
# 1 - critical information
# 2 - error information
# 3 - warnings
# 4 - for debugging (produces lots of information)
#
# Mandatory: no
# Default:
DebugLevel=0
### Option: LogFile
# Name of log file.
#
# Mandatory: no
# Default:
# LogFile=
LogFile=C:\Zabbix\Zabbix_agentd.log
### Option: LogFileSize
# Maximum size of log file in MB.
# 0 - disable automatic log rotation.
#
# Mandatory: no
# Range: 1-1024
# Default:
LogFileSize=1
### Option: SourceIP
# Source IP address for outgoing connections.
#
# Mandatory: no
# Default:
# SourceIP=
### Option: EnableRemoteCommands
# Whether remote commands from Zabbix server are allowed.
# 0 - not allowed
# 1 - allowed
#
# Mandatory: no
# Default:
EnableRemoteCommands=1
##### Passive checks related
### Option: Server
# List of comma delimited IP addresses (or hostnames) of Zabbix servers.
# No spaces allowed. First entry is used for receiving list of and sending active checks.
# Note that hostnames must resolve hostname->IP address and IP address->hostname.
#
# Mandatory: yes
# Default:
# Server=
Server=10.x.x.x
### Option: Hostname
# Unique hostname.
# Required for active checks and must match hostname as configured on the server.
#
# Default:
# Hostname=system.uname
Hostname=(same as my server hostname)
### Option: ListenPort
# Agent will listen on this port for connections from the server.
#
# Mandatory: no
# Range: 1024-32767
# Default:
ListenPort=10050
### Option: ListenIP
# Agent will listen on the specified interface.
#
# Mandatory: no
# Default:
# ListenIP=0.0.0.0
# ListenIP=127.0.0.1
### Option: DisablePassive
# Disable passive checks. The agent will not listen on any TCP port.
# Only active checks will be processed.
# 0 - do not disable
# 1 - disable
#
# Mandatory: no
# Default:
# DisablePassive=0
##### Active checks related
### Option: DisableActive
# Disable active checks. The agent will work in passive mode listening for server.
#
# Mandatory: no
# Default:
# DisableActive=0
# DisableActive=1
### Option: ServerPort
# Server port for retrieving list of and sending active checks.
#
# Mandatory: no
# Default:
ServerPort=10051
### Option: RefreshActiveChecks
# How often list of active checks is refreshed, in seconds.
#
# Mandatory: no
# Range: 60-3600
# Default:
# RefreshActiveChecks=120
### Option: BufferSend
# Do not keep data longer than N seconds in buffer.
#
# Mandatory: no
# Range: 1-3600
# Default:
# BufferSend=5
### Option: BufferSize
# Maximum number of values in a memory buffer. The agent will send
# all collected data to Zabbix Server or Proxy if the buffer is full.
#
# Mandatory: no
# Range: 1-65535
# Default:
# BufferSize=100
### Option: MaxLinesPerSecond
# Maximum number of new lines the agent will send per second to Zabbix Server
# or Proxy processing 'log' and 'eventlog' active checks.
# The provided value will be overridden by the parameter 'maxlines',
# provided in 'log' or 'eventlog' item key.
#
# Mandatory: no
# Range: 1-1000
# Default:
# MaxLinesPerSecond=100
############ ADVANCED PARAMETERS #################
### Option: StartAgents
# Number of pre-forked instances of zabbix_agentd that process passive checks.
#
# Mandatory: no
# Range: 1-16
# Default:
StartAgents=5
### Option: Timeout
# Spend no more than Timeout seconds on processing
#
# Mandatory: no
# Range: 1-30
# Default:
# Timeout=3
### Option: Include
# You may include individual files or all files in a directory in the configuration file.
#
# Mandatory: no
# Default:
# Include=
# Include=c:\zabbix\zabbix_agent.userparams.conf
# Include=c:\zabbix\zabbix_agentd\
####### USER-DEFINED MONITORED PARAMETERS #######
### Option: UserParameter
# User-defined parameter to monitor. There can be several user-defined parameters.
# Format: UserParameter=<key>,<shell command>
# Note that shell command must not return empty string or EOL only.
# Example: UserParameter=system.test,echo 1
#UserParameter=system.test,echo 1
I am trying to monitor logs from Windows Event Viewer for System errors. I have setup template, triggers and items all fin.
I setup item like this:
Type: Zabbix agent (active)
Key: eventlog[system]
type of information: log
update interval: 30
keep history: 90
Status: Active
Applications: WindowsEventLogs
I setup my trigger with this expression: (to pickup system ERROR)
{Windows Logging:eventlog[System].logseverity(4)}=4
I made sure my "host=" matches the hostname configured on the server. I didnt set flag for disableActive and disablePassive.
All my other triggers and checks works just cant get windows event log monitoring to work.
I tried to telnet to the 10051 port, doesnt return anything, also no error saying its blocked. (i will check with IT) but thought i'd ask to see if i am missing something.
Application does not show up in "Latest Data" for the "WindowsEventLogs".
Help?
Here is my config file on the host(s):
############ GENERAL PARAMETERS #################
### Option: DebugLevel
# Specifies debug level
# 0 - no debug
# 1 - critical information
# 2 - error information
# 3 - warnings
# 4 - for debugging (produces lots of information)
#
# Mandatory: no
# Default:
DebugLevel=0
### Option: LogFile
# Name of log file.
#
# Mandatory: no
# Default:
# LogFile=
LogFile=C:\Zabbix\Zabbix_agentd.log
### Option: LogFileSize
# Maximum size of log file in MB.
# 0 - disable automatic log rotation.
#
# Mandatory: no
# Range: 1-1024
# Default:
LogFileSize=1
### Option: SourceIP
# Source IP address for outgoing connections.
#
# Mandatory: no
# Default:
# SourceIP=
### Option: EnableRemoteCommands
# Whether remote commands from Zabbix server are allowed.
# 0 - not allowed
# 1 - allowed
#
# Mandatory: no
# Default:
EnableRemoteCommands=1
##### Passive checks related
### Option: Server
# List of comma delimited IP addresses (or hostnames) of Zabbix servers.
# No spaces allowed. First entry is used for receiving list of and sending active checks.
# Note that hostnames must resolve hostname->IP address and IP address->hostname.
#
# Mandatory: yes
# Default:
# Server=
Server=10.x.x.x
### Option: Hostname
# Unique hostname.
# Required for active checks and must match hostname as configured on the server.
#
# Default:
# Hostname=system.uname
Hostname=(same as my server hostname)
### Option: ListenPort
# Agent will listen on this port for connections from the server.
#
# Mandatory: no
# Range: 1024-32767
# Default:
ListenPort=10050
### Option: ListenIP
# Agent will listen on the specified interface.
#
# Mandatory: no
# Default:
# ListenIP=0.0.0.0
# ListenIP=127.0.0.1
### Option: DisablePassive
# Disable passive checks. The agent will not listen on any TCP port.
# Only active checks will be processed.
# 0 - do not disable
# 1 - disable
#
# Mandatory: no
# Default:
# DisablePassive=0
##### Active checks related
### Option: DisableActive
# Disable active checks. The agent will work in passive mode listening for server.
#
# Mandatory: no
# Default:
# DisableActive=0
# DisableActive=1
### Option: ServerPort
# Server port for retrieving list of and sending active checks.
#
# Mandatory: no
# Default:
ServerPort=10051
### Option: RefreshActiveChecks
# How often list of active checks is refreshed, in seconds.
#
# Mandatory: no
# Range: 60-3600
# Default:
# RefreshActiveChecks=120
### Option: BufferSend
# Do not keep data longer than N seconds in buffer.
#
# Mandatory: no
# Range: 1-3600
# Default:
# BufferSend=5
### Option: BufferSize
# Maximum number of values in a memory buffer. The agent will send
# all collected data to Zabbix Server or Proxy if the buffer is full.
#
# Mandatory: no
# Range: 1-65535
# Default:
# BufferSize=100
### Option: MaxLinesPerSecond
# Maximum number of new lines the agent will send per second to Zabbix Server
# or Proxy processing 'log' and 'eventlog' active checks.
# The provided value will be overridden by the parameter 'maxlines',
# provided in 'log' or 'eventlog' item key.
#
# Mandatory: no
# Range: 1-1000
# Default:
# MaxLinesPerSecond=100
############ ADVANCED PARAMETERS #################
### Option: StartAgents
# Number of pre-forked instances of zabbix_agentd that process passive checks.
#
# Mandatory: no
# Range: 1-16
# Default:
StartAgents=5
### Option: Timeout
# Spend no more than Timeout seconds on processing
#
# Mandatory: no
# Range: 1-30
# Default:
# Timeout=3
### Option: Include
# You may include individual files or all files in a directory in the configuration file.
#
# Mandatory: no
# Default:
# Include=
# Include=c:\zabbix\zabbix_agent.userparams.conf
# Include=c:\zabbix\zabbix_agentd\
####### USER-DEFINED MONITORED PARAMETERS #######
### Option: UserParameter
# User-defined parameter to monitor. There can be several user-defined parameters.
# Format: UserParameter=<key>,<shell command>
# Note that shell command must not return empty string or EOL only.
# Example: UserParameter=system.test,echo 1
#UserParameter=system.test,echo 1
Comment