Hi!
I can't work this out!
I've AppLocker event IDs 8003,8004,8006 and 8007 going into a custom Windows Event log on a server. I've setup four items in Zabbix, one for each. The MSI/Script event IDs (8006, 8007) are appearing in Zabbix fine, but the exe related event IDs (8003, 8004) are not appearing. Source, log name are all the same the as two that are working. The items have no errors. The only difference on each item is the event ID.
Event of 8003 and 8004 are coming in.
No sign of them in Zabbix
If I create a generic item to capture everything in the WEC-AppLocker log (eventlog[WEC-AppLocker,,,,,,skip]), they don't come in either, but events 8006 and 8007 still do.
I can't work this out!
I've AppLocker event IDs 8003,8004,8006 and 8007 going into a custom Windows Event log on a server. I've setup four items in Zabbix, one for each. The MSI/Script event IDs (8006, 8007) are appearing in Zabbix fine, but the exe related event IDs (8003, 8004) are not appearing. Source, log name are all the same the as two that are working. The items have no errors. The only difference on each item is the event ID.
Event of 8003 and 8004 are coming in.
No sign of them in Zabbix
If I create a generic item to capture everything in the WEC-AppLocker log (eventlog[WEC-AppLocker,,,,,,skip]), they don't come in either, but events 8006 and 8007 still do.
Attached Files