Getting a trigger for a changed registry value

  • pinguin123
    Member
    • Apr 2015
    • 52

    #1

    Getting a trigger for a changed registry value

    Hi,

    I checked this thread here how to monitor the Windows registry, but it's 5 years old. Isn't there a simple solution now to get a trigger after a special registry value has been changed? Is there maybe a special key of item?
  • jamesNJ
    Senior Member
    • Jun 2015
    • 103

    #2
    I'm not a real Windows expert so take my points with a grain of salt ...

    It looks like WMI has some ability to query the registry, so a wmi.get[] item might be usable. I also found evidence that PowerShell has calls to query the registry; you might use that to get what you need.

    regedit also has the ability to export the registry, so if your check is very basic (like you are only looking to see if someone changed an area of the registry), you could create a Zabbix item to run a script which outputs that area of the registry to a file, and then use vfs.file.cksum[file] to check if the file changed.


    • Gert Vanderstukken
      Junior Member
      • Mar 2011
      • 5

      #3
      Hello all,

      I am also looking into a "better" way to monitor registry values.
      What are you all using?
      • a userparameter, pointing to a (PowerShell?) script
      • a userparameter, pointing to reg query
      • system.run => reg query
      • a WMI query? I was not able to get any results using wmi.get, so if somebody has an example...
      • something I missed?
      Is there a reason something like this is not built into the agent?


      • Hamardaban
        Senior Member
        Zabbix Certified Specialist, Zabbix Certified Professional
        • May 2019
        • 2713

        #4
        If there are not many hosts, it is better to use reg q with userparam (the disadvantage is that you need to edit the agent config).
        Using system.run is easier, but it doesn't always work well on some systems.
        The agent is expandable - so why drag third-party functionality into it?
        Of course, it would be more convenient to be able to access the registry directly, but keep in mind that Windows is not all computers. :-)


        • Gert Vanderstukken
          Junior Member
          • Mar 2011
          • 5

          #5
          Also here: 95% of the environment is Linux

          On the other hand: the agent has Perfmon checks and WMI built in => also for Windows only.
          I really think that registry read access would be a big benefit/plus.

          • Hamardaban
            Hamardaban commented
            I agree - it would be much easier!
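
The userparameter-plus-script approach discussed in this thread, as an added example that is not from any of the posters or from the Zabbix project: a PowerShell script that prints one SHA-256 fingerprint of a registry key's values, so a text item changes whenever any value under that key changes. The item key `registry.fingerprint`, the script path, the aliases and the registry paths are all placeholders assumed for illustration.

```powershell
# reg_fingerprint.ps1 (added example; names and paths below are placeholders)
# Assumed agent config line, with a hypothetical item key and script path:
#   UserParameter=registry.fingerprint[*],powershell.exe -NoProfile -NonInteractive -File "C:\zabbix\scripts\reg_fingerprint.ps1" $1
param(
    [Parameter(Mandatory = $true)]
    [string]$Alias
)

# Constructed allow-list: alias -> registry path. The agent only ever passes an
# alias, so the script cannot be pointed at arbitrary keys from the server side.
$Watched = @{
    'exampleapp'  = 'HKLM:\SOFTWARE\ExampleVendor\ExampleApp'
    'exampleapp2' = 'HKLM:\SOFTWARE\ExampleVendor\ExampleApp\Settings'
}

if (-not $Watched.ContainsKey($Alias)) {
    Write-Output 'ERROR: unknown alias'
    exit 1
}

try {
    $key = Get-Item -LiteralPath $Watched[$Alias] -ErrorAction Stop
} catch {
    # A deleted or unreadable key is itself a change: emit a fixed marker so
    # the item value differs from the previous fingerprint.
    Write-Output 'ERROR: key missing or unreadable'
    exit 0
}

# Stable text form: one "name|kind|data" line per value, sorted by name, so
# the hash does not depend on enumeration order.
$lines = foreach ($name in ($key.GetValueNames() | Sort-Object)) {
    $kind = $key.GetValueKind($name)
    # Read REG_EXPAND_SZ raw, so the result does not vary with the environment.
    $data = $key.GetValue($name, $null, 'DoNotExpandEnvironmentNames')
    if ($data -is [byte[]]) { $data = [System.BitConverter]::ToString($data) }
    elseif ($data -is [array]) { $data = $data -join ';' }
    '{0}|{1}|{2}' -f $name, $kind, $data
}

$bytes = [System.Text.Encoding]::UTF8.GetBytes(($lines -join "`n"))
$sha   = [System.Security.Cryptography.SHA256]::Create()
$hash  = [System.BitConverter]::ToString($sha.ComputeHash($bytes)) -replace '-', ''
Write-Output $hash.ToLower()
```

Passing an alias rather than the registry path keeps backslashes out of the item parameter, so the agent's `UnsafeUserParameters` option can stay disabled. A trigger that compares the item's last two values then fires on any change, including the key disappearing.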