Good morning.
Looking into the viability of Windows event log filtering for the Zabbix Appliance 2.2. Currently we are monitoring a few Windows hosts via event logs and the triggers are working great out of the box.
Standard Event Log Trigger
{Windows Logging:eventlog[System].logseverity(0)}=4
Looking to try and create a trigger which will not fire unless three (3) repeated instances of the same error occur within 5 mins.
Here is the content we're searching for from the eventlog.
Authentication Failed for user 'BLUSSENHEIDE'
Would it be something along these lines for timing? How could I quantify the repeat count?
(({Windows Logging:eventlog[System].logseverity(0)})=4) & (({Windows Logging:eventlog[System].regexp("Authentication Failed for user")})=1) & ({Windows Logging:eventlog[System].nodata(300)}=1)
Any assistance would be most appreciated.
Thank You,
BLussenheide
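
The rule described in the post above (three matching failures for the same user within 300 seconds), modelled as a sliding-window count in Python. This is an added example, not part of the original post and not Zabbix trigger syntax; the sample events, their timestamps and the user JDOE are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(seconds=300)   # the 5 minutes from the post
THRESHOLD = 3                     # the three repeats from the post
PATTERN = re.compile(r"Authentication Failed for user '([^']+)'")

# Constructed sample events: (timestamp, severity, message).
# Severity 4 mirrors the logseverity value used in the post's trigger.
SAMPLE_EVENTS = [
    ("2014-03-10 09:00:05", 4, "Authentication Failed for user 'BLUSSENHEIDE'"),
    ("2014-03-10 09:01:40", 4, "Authentication Failed for user 'JDOE'"),
    ("2014-03-10 09:02:10", 4, "Authentication Failed for user 'BLUSSENHEIDE'"),
    ("2014-03-10 09:03:00", 1, "Service started"),
    ("2014-03-10 09:04:30", 4, "Authentication Failed for user 'BLUSSENHEIDE'"),
    ("2014-03-10 09:12:00", 4, "Authentication Failed for user 'JDOE'"),
    ("2014-03-10 09:20:00", 4, "Authentication Failed for user 'BLUSSENHEIDE'"),
]

def find_repeated_failures(events, window=WINDOW, threshold=THRESHOLD, severity=4):
    """Return (user, timestamp) for each event that brings that user's
    failures inside the trailing window up to the threshold or beyond."""
    recent = defaultdict(deque)   # user -> failure times still inside the window
    alerts = []
    for stamp, sev, message in events:
        match = PATTERN.search(message)
        if sev != severity or not match:
            continue              # wrong severity or unrelated message
        when = datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S")
        times = recent[match.group(1)]
        times.append(when)
        # Drop failures that have aged out of the window.
        while when - times[0] >= window:
            times.popleft()
        if len(times) >= threshold:
            alerts.append((match.group(1), stamp))
    return alerts

if __name__ == "__main__":
    for user, stamp in find_repeated_failures(SAMPLE_EVENTS):
        print(f"ALERT {stamp}: {THRESHOLD}+ failures for {user} within {WINDOW}")
```

Counting per user keeps one account's failures from pushing another account over the threshold, and the lone failure at 09:20:00 does not alert because the earlier three have aged out of the window.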