Ad Widget

Collapse

Monitor Custom view from Event Viewer

Collapse
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • Jeff54
    Junior Member
    • Jul 2024
    • 25
    #1

    Monitor Custom view from Event Viewer

    Hi everyone,

    I would like to sort Event system that I receive from a server with a Custom view on the Windows Event viewer, in order to only receive System data that I want (Error and Criticial).
    I know that I can filter with an Item on the Template but I would like to just send the data that I want from the proxy to the server, and not send evrything and filter on the server.

    I simply created a custom view to display the errors (that is functionnal), but It return the error : "EvtQuery channel missed:[0x00003A9F] The specified channel could not be found"

    Click image for larger version Name: evt viewer item2.png Views: 227 Size: 19.5 KB ID: 487897
    Click image for larger version Name: evt viewer item1.png Views: 281 Size: 27.9 KB ID: 487896

    Hope that someone could help me.

    Regards,

    Jeff
    Tags: None
    • Markku
      Senior Member
      Zabbix Certified SpecialistZabbix Certified ProfessionalZabbix Certified Expert
      • Sep 2018
      • 1782
      #2
      Originally posted by Jeff54
      a Custom view on the Windows Event viewer, in order to only receive System data that I want (Error and Criticial)
      I think you should use the actual event log name and then use the severity filter in the eventlog item, instead of a custom view:

      2 Windows Zabbix agent
      https://www.zabbix.com/documentation/current/en/manual/config/items/itemtypes/zabbix_agent/win_keys#eventlog


      Markku

        Comment

        • Jeff54
          Junior Member
          • Jul 2024
          • 25
          #3
          Hi,

          Thanks for you answer.
          I know, but I want to only have, for example, the error on the System Event viewer, and not touch to the default System Windows Logs define in the system.
          I find that weird that it's so difficult to collect a custom view.

          If someone have an idea how to do that.

          Regards

            Comment

            • Markku
              Senior Member
              Zabbix Certified SpecialistZabbix Certified ProfessionalZabbix Certified Expert
              • Sep 2018
              • 1782
              #4
              I'm not suggesting you edit anything in the Windows side. When you look at the eventlog configuration options (linked above), you'll see that you can filter the Error and Critical events in the item. That filtering happens in the agent.

              eventlog[System,,"Error|Critical"]

              But maybe I misunderstood something that you are trying to achieve?

              Anyway, the custom views seem to be a feature of the Event Viewer application, not of the Windows event logging system, so that's why Zabbix agent has its own filtering.

              Markku

                Comment

                Previous template Next
                Working...