Why is Zabbix collecting Windows Event Log data late?
Hello,
I have the following items applied to all domain controllers to monitor security events.
Here are the corresponding triggers:
However the time that the event occurred on the domain controller (Local time), compared to the time Zabbix saw the event is always several hours later. This is causing the alert to trigger way past the event.
Here is the domain controllers latest data showing the time it last checked. I assume this is when Zabbix pulled the log and caused the problem alert above.
Any idea why this is happening? The item is an active check set to 1 second. I would expect Zabbix to get the info from the domain controller straight away.
Thanks!
I have the following items applied to all domain controllers to monitor security events.
Here are the corresponding triggers:
However the time that the event occurred on the domain controller (Local time), compared to the time Zabbix saw the event is always several hours later. This is causing the alert to trigger way past the event.
Here is the domain controllers latest data showing the time it last checked. I assume this is when Zabbix pulled the log and caused the problem alert above.
Any idea why this is happening? The item is an active check set to 1 second. I would expect Zabbix to get the info from the domain controller straight away.
Thanks!
Attached Files
Comment