Ad Widget

Collapse

Windows Event Viewer Monitor

Collapse
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • biligsaikhan
    Junior Member
    • Dec 2022
    • 2
    #1

    Windows Event Viewer Monitor

    I have setup zabbix server in our environment. I want to monitor couple of Windows Event Viewer logs. I have found several guides all said I need to set it up as active agent. However it is still not working.

    Zabbix Agent installation:
    Hostname: ActiveDir
    Zabbix Server IP/DNS: 192.168.10.160
    Agent Listen Port: 10051
    Server or Proxy for active checks: 192.168.10.160
    Enable PSK: No
    Add agent location to PATH: no

    Zabbix Server add new Host:
    Hostname: ActiveDir (same as agent)
    Interface:
    Agent: 192.168.10.223
    DNS Name: 192.168.10.223
    Connect to: IP
    Post: 10051

    Add Item:
    Name: Account Lockouts
    Type: Zabbix agent (active)
    Key: eventlog[Security,,Information,,4740,,skip]
    Type of information: Log


    This is how I setup the agent. However I am getting no data from it. The Event was created on the server, just not getting it in the Zabbix.

    What configuration have I done wrong?

    Tags: agent, windows
    • Atsushi
      Senior Member
      • Aug 2013
      • 2028
      #2
      Please allow me to confirm three points.
      Has the Zabbix agent running on host ActiveDir been changed to work using port number 10051 instead of the default 10050?
      Another thing, is it possible to set other items and get their values?
      One last thing, are there any error or warning messages outputed in the log file?​

        Comment

        • biligsaikhan
          Junior Member
          • Dec 2022
          • 2
          #3
          1. When installing Zabbix Agent I changed the port from 10050 to 10051.
          2. With key:eventlog - NO. Using windows template by zabbix agent yes.
          3. No error in log file.

            Comment

            • Atsushi
              Senior Member
              • Aug 2013
              • 2028
              #4
              If you can get the value of the item of type "Zabbix agent", there may be a problem that you cannot get the item of type "Zabbix agent (active)". The cause is an error in the SeverActive settings, Zabbix agent side cannot connect to Zabbix server side with that setting, the host name registered on Zabbix server and the value of Hostname on Zabbix agent side do not match, It will be considered.
              In these cases, if the DebugLevel is 3 or higher, which is the default, information that can identify the cause will always be output to the log file.​

              PS.
              If you still don't get anything, check the eventlog[] arguments again. For example, can you get the value without giving detailed conditions?
              Last edited by Atsushi; 20-12-2022, 05:37.

                Comment

                Previous template Next
                Working...