Windows and Active Directory Eventlog Auditing with Zabbix?

  • AMT
    Junior Member
    • Sep 2019
    • 2

    #1

    Windows and Active Directory Eventlog Auditing with Zabbix?

    Hello all,

    I would like to monitor Windows machines and Active Directory with Zabbix to detect failed login attempts, anomalies, or attacks.

    My first attempts with AD templates under Zabbix 3.x/4.x were not very successful. Our Zabbix admin will upgrade to version 6.x.

    How well does the monitoring work and what templates do you use?
    Are there any tutorials?

    Thanks and greetings
    Andreas

  • tim.stevenson
    Junior Member
    • Feb 2023
    • 4

    #2
    I did find this https://github.com/zabbix/community-...008_r2-2012_r2) but could not get it working. I think it might be because my server is running Windows Server 2022.
    If anyone finds a solution I would also be keen to know. I'll keep looking and update if I do find anything.


    • wtdrisco
      Junior Member
      • Oct 2023
      • 24

      #3
      I just installed this template. Is this set up to ONLY email an event? There are very limited instructions...
      Though it is collecting data??? What did you do in ZABBIX to notify or show in a dashboard??


      • LenR
        Senior Member
        • Sep 2009
        • 1005

        #4
        We monitored for a few critical but rare event log alerts. I don’t think it would scale to 1000’s of events.


        • cyber
          Senior Member
          Zabbix Certified Specialist, Zabbix Certified Professional
          • Dec 2006
          • 4807

          #5
          Originally posted by wtdrisco
          I just installed this template. Is this set up to ONLY email an event? There are very limited instructions...
          Though it is collecting data??? What did you do in ZABBIX to notify or show in a dashboard??

          Template and email have very little in common. Your collection of items and triggers generates events. What you do with those events is up to you; the template does not say that... Send an email, create a ticket somewhere, feed it to your automation platform... it is all a matter of configuring enough media types and actions...


          • wtdrisco
            Junior Member
            • Oct 2023
            • 24

            #6
            cyber, thanks - new to Zabbix. I saw this and wanted to have a way to monitor AD manipulation - to ensure non-approved changes are not being made. It just seems to collect data - but from what you are telling me, if an event is captured through this template (when someone conducts an AD change, based on the items in the template), through the media types I can get a notification (like an email) - was wondering if there is a way to display daily changes in a dashboard page - like a line item list.
