Ad Widget

Collapse

Display data from Windows EventLog

Collapse
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • gilur
    Junior Member
    • Apr 2024
    • 4
    #1

    Display data from Windows EventLog

    Hi,
    I'm monitoring Windows eventlog for specific events. In this example - security logs for users added to admin group. Triggers work fine but I would like to display some additional info from within the event log itself - on the Dashboard.

    In the picture I attached - on the 2nd problem I would like to see the parameters like the username that was added and by whom. These parameters exist in the windows log that is parsed but I can't find a way to display them.
    Is there a way to do it ?
    thanks

    Click image for larger version Name: image.png Views: 265 Size: 11.6 KB ID: 482231
    Tags: None
    • cyber
      Senior Member
      Zabbix Certified SpecialistZabbix Certified Professional
      • Dec 2006
      • 4807
      #2
      If the data is present in item value, you can try to parse it out with macro functions, like regsub or iregsub ans use it to construct better event name
      1 Macro functions
      https://www.zabbix.com/documentation/6.0/en/manual/config/macros/macro_functions#supported-macro-functions

        Comment

        • gilur
          Junior Member
          • Apr 2024
          • 4
          #3
          Originally posted by cyber
          If the data is present in item value, you can try to parse it out with macro functions, like regsub or iregsub ans use it to construct better event name
          https://www.zabbix.com/documentation...acro-functions
          Cool. I will try that.
          Is there a way (page/site) in which I can test my macro while building it ? (entring the original string and see what the macro returns?)

            Comment

            • ElzminBerth
              Junior Member
              • Apr 2024
              • 1
              #4
              Originally posted by gilur
              Hi,
              I'm monitoring Windows eventlog for specific events. In this example - security logs for users added to admin group. Triggers work fine but I would like to display some additional info from within the event log itself - on the Dashboard.

              In the picture I attached - on the 2nd problem I would like to see the parameters like the username that was added and by whom. These parameters exist in the windows log that is parsed but I can't find a way to display them.
              Is there a way to do it ?
              thanks
              How are you currently monitoring the Windows event log for specific events, particularly security logs for users added to the admin group?

                Comment

                • gilur
                  #4.1
                  gilur commented
                  16-04-2024, 09:59
                  Editing a comment
                  Event ID 4732 – A member was added to a security-enabled local group.
                  If filtering this event from the security log
                Previous template Next
                Working...