I have a ~1000 host Windows environment and I have several event IDs that I would like to actively monitor. I have 5 distributed proxies that are currently working.
Is it best practice to
1) create one individual item with the filters already there (which is the way it is currently set up, but it is completely killing my Zabbix queue and poller processes)
eventlog[Microsoft-Windows-Windows Defender/Operational,,,,1002|1005|1013|2001|1116|1117|1119|3002|5001|5100,,skip]
eventlog[Application,,,,865|866|867|868|882,,skip]
eventlog[Microsoft-Windows-TerminalServices-RemoteConnectionManager/Operational,,,,1149,,skip]
2) Combine all the monitored event ids in ONE item and create triggers off that one item?
Which is the ideal method?
Thanks!