How you did this???
I setup item - eventlog[Security]
Key - eventlog[Security]
Type of information - Log

but have in zabbixlog - Parameter [eventlog[Security]] is not supported by agent on host [sun.mega.dp.ua] Old status [0

Details of log event

Can you get the information from the log entry into the event information?

I can indentify an event has happened but Id like some more information in the event information rather than just severity and host. is this possible?

Details of Log

Stop looking everyone I found it - just for anyone elses benefit, this will show the details of the logged event.
--------------------

{{HOSTNAME}:eventlog[system].last(0)}

Logsource()

Hi,

thanks. The Info provided in this Thread was a gread helt to me. But like raminix I'm looking for Information on the usage of the logsource() function.
I already have Items receiving the Eventlogs without any problems. Now I want to check if the NTBackup succeeded. Nomally I would check for the Eventid with str() or something. but it is not transmitted. So I wanted to look fpr the Source an generate at least an alarm when NTBackup logs an error. But I can't get logsource() to work and can't find any more documentation on it, other than:"Logsource() returns source of event. Windows only." From the 1.1beta6 release notes.
Has anyone experience wich that function. Or any other idea, how i coult monitor the NTBackup-thing?

Where would you display this information? Can you display it in a notification some how?

How to use eventlog

This is the trigger I use for HIGH events.


NAME:

Eventlog APPLICATION:HIGH

Expression(Win32 is a template)

{Win32:eventlog[Application].logseverity(4)}=4
----------------------------------------------------------------
Then in the trigger section I have this, so it emails the details of the error.
-----------------------------------------------------------------------

{{HOSTNAME}:eventlog[system].last(0)}

HOST : {HOSTNAME}
-----------------------------------------------------
Extra Details
-----------------------------------------------------
Date = {DATE}
Time = {TIME}
CPU Load = {{HOSTNAME}:system.cpu.util[,,].last(0)}%
Disk space free on C drive = {{HOSTNAME}:vfs.fs.size[c:,free].last(0)}
Disk space free on D drive = {{HOSTNAME}:vfs.fs.size[d:,free].last(0)}

Eventlogs Stops Monitoring

Hello Everybody, I am not sure if anybody else has experienced this but I have an issue and a comment. Does anybody how zabbix gets the Eventlogs does it update it or transfer all the contents of the eventlog every time it refreshes itself. I have also found out that when you actually clear the contents of the systemlog it stops updating, does anybody know how to work around that.

Eventlogs appear to grab whatever is new in the eventlog since the last interval. So for example, if there are 500 new security events in the eventlog since it ran 300 seconds ago (your interval), then the agent will not do anything else until it has downloaded the 500 events into the zabbix server.

Once you stop/start event log monitoring or clear the event logs from the server, eventlog collection appears to break.

We use to use event log collection for application/system/security. We then started to disable security collection since that would cause the agent to take too much time and the server would appear to be down. Now we disable it all together because it was working too inconsistently on all our systems.

My .02

Monitoring of Winodws event logs is not broken. It means that it is supposed to work and works succesfully for a number of ZABBIX installations.

Please report all issues related to this functionality and we will do all our best to have it fixed. Also next release (release 3) of ZABBIX Manual (PDF) will contain detailed information about monitoring of log files and event logs.

Alexei- Thanks for the response.

I'll agree that it does work, but in limited situations.

I do know that if I go and install an agent on a windows system, enable zabbix event logging, that I can pretty much guarantee that it will work.

Now, if I disable zabbix event logging for awhile, clear event logs, re-enable event logging, disable it again, then maybe enable it again, that it will most likely not work anymore. (this is my theory as to why it stops working anyway)

The exact science to this, well, I'm not sure, but there are plenty of Windows boxes that we monitor that were working at one point. Somewhere along the way, someone did something like I described, and now most of them don't collect event logs into Zabbix anymore. FYI, my described theory may be incorrect. It might be a serivce pack, voodoo, or something else, but the description is my current theory.

For example, I looked at 14 random servers. Out of those 14, only 4 are still collecting system event logs. The other 10 all collected data at one time, but they no longer collect system event logs despite the item from the template is enabled.

I'm all for fixing this, as we would like to use it. Tell me what you need and its yours.

Thanks for all the details you provided! I'm sure we could find what exactly happens. Hopefully the issue will be resolved before 1.1.5.

This is very much the issue i am having with Event Logs.

I would love to get to the bottom of it as this is a major pain in the ass for me right now

I can tell you wants up with event logs as of about v1.4.5

AFAIK, the problems listed in this thread are resolved, with one new problem:

Overall, it works, but sometimes agents crash when queried for eventlog information. I'm not sure about 1.4.6 or 1.6.x.