Is there any workaround to make it possible?

Hi Hubert,

Install a proxy where the agent runs? But it is a bit overkill.
Do you have any network constraint that prevent you to use active mode?

regards,
Olivier

There isn't a workaround for this.

Alternatively, you could use Zabbix sender(and some scripting) but this .. would work like (nearly) an active anyway and more difficult (if you want to capture all of it) to do based on its schedule and you would have to have exposed and direct connection to server/proxy - so pointless. Might as well deploy a proxy where zbx appliance is directly available.

Or agent passive would be able to run scripts to fetch data from event logs - but again.. this script would need to know exactly what to send back so it won't duplicate entries - technically could elaborate this with having some sort of DB locally that collects all data and flag them as "not sent" and during script it would take all that need to be passed along - and change their flags to "sent".

It all depends on budget, resources and time allocated to resolve this issue if you cannot have a proxy nearby - in my opinion - not worth it, this long fetched idea - is not worth it as it also requires a script to send data within 30sec (and data size limitations) etc etc ....

You could define UserParameter - passive check metric, that will be some kind of script (e. g. PowerShell script), available on Zabbix Agent host, that requests Event Log data from Windows.