How can I check the log of the Windows2012 Agent Event Viewer?

  • hhc0408
    Junior Member
    • Jan 2022
    • 6

    #1

    Hi!

    I installed Zabbix Server on CentOS7 and installed Zabbix Agent on Windows2012R2.

    I checked the agent connection as shown in the screenshot.

    I created an item because I wanted to check the application, system, and security log of the Windows event viewer.

    Communication was also checked using tcpdump.

    However, we cannot check the log information in the latest data.

    How can I check the Windows2012 log on Zabbix Server?


  • rthonpm
    Member
    • Jan 2016
    • 41

    #2
    You're missing part of the syntax for the Event Log. Change your values to:

    eventlog[Application,,,,,,skip]

    eventlog[Security,,,,,,skip]


    eventlog[System,,,,,,skip]

    The commas are additional blanks for additional values that you can use to further parse your results.

    Be warned: this will collect and store a lot of data. If you're monitoring a lot of hosts it will take up quite a bit of database space.

    You may want to just monitor specific events as opposed to everything. For example: to monitor failed logon attempts, your value would be: eventlog[Security,,,,4265,,skip]

    The skip option tells Zabbix to only collect logs from the start of the monitoring as opposed to collecting older logs as well.

    Sent from my BBE100-5 using Tapatalk

    • cyber
      Senior Member
      Zabbix Certified Specialist, Zabbix Certified Professional
      • Dec 2006
      • 4807

      #3
      Not entirely true. The syntax was correct, not missing anything; it just starts reading from the beginning and it may take a lot of time... Adding that "skip" option speeds things up, instructing the agent to skip everything and start listening from the end of the file.

      But it is true that with this syntax you are basically copying the full event log to Zabbix. You should add additional parameters to the item key to only gather events with a certain severity, certain IDs, etc., significantly reducing the data that is picked up and transferred to the Zabbix server.
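The parameter positions discussed in the replies above, as an added example that is not part of the thread and is not Zabbix code: a small checker that splits an `eventlog[...]` item key into its named parameters and reports which filters are set. It assumes the documented agent key layout `eventlog[name,<regexp>,<severity>,<source>,<eventid>,<maxlines>,<mode>]`; the function names are hypothetical and the sample keys marked as constructed are not from the thread.

```python
import re

# Assumed parameter order of the Zabbix agent eventlog item key.
FIELDS = ("name", "regexp", "severity", "source", "eventid", "maxlines", "mode")

def split_params(raw):
    """Split item key parameters on commas, honouring "quoted, values"."""
    params, buf, quoted, i = [], [], False, 0
    while i < len(raw):
        ch = raw[i]
        if quoted and raw.startswith('\\"', i):    # escaped quote inside quotes
            buf.append('"'); i += 2; continue
        if ch == '"' and (quoted or not "".join(buf).strip()):
            quoted = not quoted                    # opening or closing quote
        elif ch == "," and not quoted:
            params.append("".join(buf).strip()); buf = []
        else:
            buf.append(ch)
        i += 1
    params.append("".join(buf).strip())
    return params

def parse_eventlog_key(key):
    """Return a dict of named parameters; omitted ones are empty strings."""
    m = re.fullmatch(r"eventlog\[(.*)\]", key.strip())
    if not m:
        raise ValueError("not an eventlog item key: %r" % key)
    params = split_params(m.group(1))
    if len(params) > len(FIELDS):
        raise ValueError("too many parameters (%d)" % len(params))
    parsed = dict(zip(FIELDS, params + [""] * (len(FIELDS) - len(params))))
    if not parsed["name"]:
        raise ValueError("event log name is required")
    if parsed["mode"] not in ("", "all", "skip"):  # empty means default "all"
        raise ValueError("mode must be 'all' or 'skip', got %r" % parsed["mode"])
    return parsed

def active_filters(parsed):
    """Filters that narrow what the agent sends; empty dict = whole log."""
    return {f: parsed[f] for f in ("regexp", "severity", "source", "eventid") if parsed[f]}

SAMPLE_KEYS = [
    "eventlog[Security,,,,,,skip]",               # from the thread
    "eventlog[Security,,,,4265,,skip]",           # from the thread
    'eventlog[System,,"Warning|Error",,,,skip]',  # constructed sample
    "eventlog[Security,,,,^4625$,,skip]",         # constructed; 4625 = failed logon
]

if __name__ == "__main__":
    for key in SAMPLE_KEYS:
        p = parse_eventlog_key(key)
        print(key, "-> mode:", p["mode"] or "all", "filters:", active_filters(p) or "none")
```

A key that reports no filters forwards every record in that log, which is the database-growth case both replies warn about.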
