Howto monitor windows event logs

  • RohrbaGe
    Senior Member
    • Aug 2005
    • 167

    #1

    Howto monitor windows event logs

    Hi,

    Has anyone already set up monitoring of the Windows event log?

    I have been searching here for a while and found some hints that it is possible,
    but I did not find out how.

    Can someone help with some details?
    I am running 1.1b10 on SUSE.

    Many thanks
    Gerald
  • erisan500
    Senior Member
    Zabbix Certified Specialist
    • Aug 2005
    • 285

    #2
    The ZabbixW32 agent supports eventlog monitoring "out-of-the-box".

    Make sure your eventlog item is using the "Zabbix Agent (active)", and set the information type to "Log".

    Also, your zabbixagent.conf file should contain a "Hostname" parameter.

    Greetings
    EriSan
    Zabbix Certified Specialist


    • dantheman
      Senior Member
      • May 2006
      • 209

      #3
      What do you use for the key?


      • erisan500
        Senior Member
        Zabbix Certified Specialist
        • Aug 2005
        • 285

        #4
        eventlog[Application]
        eventlog[Security]
        eventlog[System]
        eventlog[and.all.the.other.eventlogs.that.may.be.available.on.your.system]

        Greetings
        EriSan
        Zabbix Certified Specialist


        • donjjones
          Junior Member
          • Jun 2006
          • 16

          #5
          We are having some trouble with Windows event logs. We set it up per the instructions here and noticed the following in the queue for the next check for event logs:

          12.31.1969 19:00:00

          Appears that this is an indication that something isn't right. I uncommented the line in the conf file on the agent for the host name.

          Any ideas?


          • erisan500
            Senior Member
            Zabbix Certified Specialist
            • Aug 2005
            • 285

            #6
            Post your zabbix_agentd.conf file, please.

            Greetings
            EriSan
            Zabbix Certified Specialist


            • donjjones
              Junior Member
              • Jun 2006
              • 16

              #7
              Code:
              # This is config file for zabbix_agentd
              # To get more information about ZABBIX, go to http://www.zabbix.com
              
              ############ GENERAL PARAMETERS #################
              
              # List of comma delimited IP addresses (or hostnames) of ZABBIX servers. 
              # No spaces allowed. First entry is used for sending active checks.
              # Note that hostnames must resolve hostname->IP address and
              # IP address->hostname.
              
              Server=192.168.110.169
              
              # Server port for sending active checks
              
              #ServerPort=10051
              
              # Unique hostname. Required for active checks.
              
              Hostname=djones
              
              # Listen port. Default is 10050
              
              #ListenPort=10050
              
              # IP address to bind agent
              # If missing, bind to all available IPs
              
              #ListenIP=127.0.0.1
              
              # Number of pre-forked instances of zabbix_agentd.
              # Default value is 5
              # This parameter must be between 1 and 16
              
              StartAgents=5
              
              # How often refresh list of active checks. 2 minutes by default.
              
              #RefreshActiveChecks=120
              
              # Disable active checks. The agent will work in passive mode listening server.
              
              #DisableActive=1
              
              # Enable remote commands for ZABBIX agent. By default remote commands disabled.
              
              #EnableRemoteCommands=1
              
              # Specifies debug level
              # 0 - debug is not created
              # 1 - critical information
              # 2 - error information
              # 3 - warnings (default)
              # 4 - for debugging (produces lots of information)
              
              DebugLevel=3
              
              # Name of PID file
              
              PidFile=/var/tmp/zabbix_agentd.pid
              
              # Name of log file.
              # If not set, syslog will be used
              
              LogFile=/temp/zabbix_agentd.log
              
              # Spend no more than Timeout seconds on processing
              # Must be between 1 and 30
              
              Timeout=3
              
              ####### USER-DEFINED MONITORED PARAMETERS #######
              # Format: UserParameter=<key>,<shell command>
              # Note that shell command must not return empty string or EOL only
              #UserParameter=system.test,who|wc -l
              ### Set of parameter for monitoring MySQL server (v3.23.42 and later)
              ### Change -u<username> and add -p<password> if required
              #UserParameter=mysql.ping,mysqladmin -uroot ping|grep alive|wc -l
              #UserParameter=mysql.uptime,mysqladmin -uroot status|cut -f2 -d":"|cut -f1 -d"T"
              #UserParameter=mysql.threads,mysqladmin -uroot status|cut -f3 -d":"|cut -f1 -d"Q"
              #UserParameter=mysql.questions,mysqladmin -uroot status|cut -f4 -d":"|cut -f1 -d"S"
              #UserParameter=mysql.slowqueries,mysqladmin -uroot status|cut -f5 -d":"|cut -f1 -d"O"
              #UserParameter=mysql.qps,mysqladmin -uroot status|cut -f9 -d":"
              #UserParameter=mysql.version,mysql -V


              • donjjones
                Junior Member
                • Jun 2006
                • 16

                #8
                The following shows up in the log on the agent:

                [06-Jun-2006 19:08:18] Active checks [Cannot connect to [192.168.110.169:10051] [No error]]
                [06-Jun-2006 19:09:39] Active checks [Cannot connect to [192.168.110.169:10051] [No error]]
                [06-Jun-2006 19:11:00] Active checks [Cannot connect to [192.168.110.169:10051] [No error]]
                [06-Jun-2006 19:12:21] Active checks [Cannot connect to [192.168.110.169:10051] [No error]]
                [06-Jun-2006 19:13:42] Active checks [Cannot connect to [192.168.110.169:10051] [No error]]
                [06-Jun-2006 19:15:03] Active checks [Cannot connect to [192.168.110.169:10051] [No error]]
                [06-Jun-2006 19:16:24] Active checks [Cannot connect to [192.168.110.169:10051] [No error]]
                [06-Jun-2006 19:17:45] Active checks [Cannot connect to [192.168.110.169:10051] [No error]]
                [06-Jun-2006 19:19:06] Active checks [Cannot connect to [192.168.110.169:10051] [No error]]
                [06-Jun-2006 19:20:27] Active checks [Cannot connect to [192.168.110.169:10051] [No error]]
                [06-Jun-2006 19:21:48] Active checks [Cannot connect to [192.168.110.169:10051] [No error]]
                [06-Jun-2006 19:23:09] Active checks [Cannot connect to [192.168.110.169:10051] [No error]]
                [06-Jun-2006 19:24:30] Active checks [Cannot connect to [192.168.110.169:10051] [No error]]
                [06-Jun-2006 19:25:51] Active checks [Cannot connect to [192.168.110.169:10051] [No error]]
                [06-Jun-2006 19:27:12] Active checks [Cannot connect to [192.168.110.169:10051] [No error]]
                [06-Jun-2006 19:28:32] Active checks [Cannot connect to [192.168.110.169:10051] [No error]]

                And so on. Is there something I don't have turned on with the server?


                • edeus
                  Senior Member
                  • Aug 2005
                  • 120

                  #9
                  Firewall?

                  Can you telnet to the port?


                  • donjjones
                    Junior Member
                    • Jun 2006
                    • 16

                    #10
                    Damn, that was it. Thanks so much for the assistance on it.

                    Comment
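
Added example (not from the thread or the Zabbix project): a Python check for the failure diagnosed in posts #5 to #10, where eventlog items receive no data because the agent's active checks never reach the server. The function names are hypothetical, and the sample config and log are constructed by trimming what was posted above.

```python
import re
import socket
# Constructed samples, trimmed from the agent config and log posted in the thread.
SAMPLE_CONF = "Server=192.168.110.169\n#ServerPort=10051\nHostname=djones\n#DisableActive=1\n"
SAMPLE_LOG = """\
[06-Jun-2006 19:08:18] Active checks [Cannot connect to [192.168.110.169:10051] [No error]]
[06-Jun-2006 19:09:39] Active checks [Cannot connect to [192.168.110.169:10051] [No error]]
"""
FAIL_RE = re.compile(r"^\[(.+?)\] Active checks \[Cannot connect to \[(.+?):(\d+)\]")

def parse_conf(text):
    """Return the uncommented key=value pairs of a zabbix_agentd.conf."""
    lines = (ln.strip() for ln in text.splitlines())
    pairs = (ln.split("=", 1) for ln in lines if "=" in ln and not ln.startswith("#"))
    return {k.strip(): v.strip() for k, v in pairs}

def active_check_problems(conf):
    """Config reasons why active items such as eventlog[Security] cannot run."""
    problems = []
    if not conf.get("Hostname"):
        problems.append("Hostname is not set (required for active checks)")
    if conf.get("DisableActive") == "1":
        problems.append("DisableActive=1 turns active checks off")
    if not conf.get("Server"):
        problems.append("Server is not set")
    return problems

def active_target(conf):
    """First Server entry and ServerPort (10051 when unset), per the config comments."""
    return conf["Server"].split(",")[0], int(conf.get("ServerPort", 10051))

def connect_failures(log_text):
    """Per target: (count, first timestamp, last timestamp) of 'Cannot connect' lines."""
    seen = {}
    for line in log_text.splitlines():
        m = FAIL_RE.match(line.strip())
        if m:
            target = (m.group(2), int(m.group(3)))
            count, first, _ = seen.get(target, (0, m.group(1), None))
            seen[target] = (count + 1, first, m.group(1))
    return seen

def can_connect(host, port, timeout=3.0):
    """TCP version of the 'telnet to the port' test suggested in the thread."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False
```

Run `active_check_problems` and `connect_failures` against the real agent files first; `can_connect(*active_target(conf))` then repeats the telnet test from the agent host. A Security event log item that has stopped delivering looks the same in the frontend as a quiet host, so this check is worth scheduling rather than running once.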

                    • rjk
                      Junior Member
                      Zabbix Certified Specialist
                      • Apr 2006
                      • 11

                      #11
                      Maybe this helps you

                      Screenshots
                      Last edited by rjk; 08-06-2006, 08:23.


                      • mr.cocco
                        Junior Member
                        • Jan 2006
                        • 17

                        #12
                        Triggers on Log

                        Hi, I have created an item for monitoring the Windows event log.
                        The data that Zabbix captures as the value is the description of the event in the log.
                        I would like to know if it is possible to set up a trigger on the severity of the event.

                        Thanks, Giuliano.


                        • rjk
                          Junior Member
                          Zabbix Certified Specialist
                          • Apr 2006
                          • 11

                          #13
                          Yes, that is possible - see screenshot

                          Hi,

                          Below you will find a screenshot for that.
                          Hope this helps you.

                          As far as I know:
                          1 - information
                          2 - warning
                          4 - high
                          8 - security

                          Friendly regards


                          rjk

                          • mr.cocco
                            Junior Member
                            • Jan 2006
                            • 17

                            #14
                            Great Solution

                            Thanks, it works perfectly!!!


                            • raminix
                              Member
                              • Jun 2006
                              • 37

                              #15
                              Based on previous examples, I'm assuming that there is a function logsource which should work similar to logseverity, but I can't find any documentation on it or figure out how to make it work. I'm wanting to watch the Application log to see when someone logs in via VNC. When this happens, WinVNC adds an entry to the Application log.

                              Any ideas?
