Ad Widget

Collapse

Windows Event Viewer Zabbix triggers

Collapse
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • Apollo1377
    Junior Member
    • Jan 2024
    • 1
    #1

    Windows Event Viewer Zabbix triggers

    I have a task to create Windows Event critical event in Zabbix for ADFS server:

    Event ID 385: AD FS detected that one or more certificates in AD FS configuration database need to be updated manually because they are expired, or will expire soon.

    At the moment, there is NO Event ID 385 in Windows Event Viewer on ADFS server. So, this trigger is impossible to test and make sure it is working. For that purpose, I took Event ID 7031 and configured it accordingly.

    ​Item (Zabbix agent active) was created with below parameters:
    eventlog[System,,,,^7031$,,]
    Trigger was created:
    logeventid(/server.name/eventlog7031[System,,,,^7031$,,],#1,"7031")=1

    PROBLEM event generation mode​ - Multiple.

    Zabbix agent configuration file parameters:
    Server=Zabbix.server.name
    Hostname=server.name (the same name in Zabbix program)
    LogFile=C:\Program Files\Zabbix\zabbix_agentd.log
    eventlog[System,,,,^7031$,,]​

    I did all possible ways to get it work but no result.
    Please help me to identify the syntaxis or possible ways to get it working.
    Many thanks.​
    Tags: None
    • vijayk
      Senior Member
      • May 2023
      • 305
      #2
      trigger expression: logeventid(/templatename/eventlog[System,,,,^7031,,skip]])=1

      Try with this.

        Comment

        • jysse
          Junior Member
          • Sep 2011
          • 4
          #3
          You can also add events to Windows logs for testing purposes. It goes something like this:

          eventcreate /T ERROR /ID 385 /L SYSTEM /D "testing"

          Or with powershell (as admin)
          write-eventlog -logname "System" -Source "Service Control Manager" -eventid 385 -entrytype Error -message "testing"

          Change parameters as needed.



            Comment

            Previous template Next
            Working...