Ad Widget

**alientm** · 10-07-2017, 08:41

For me it works something like this:

Items:
Name: PC unlock
Type: Active
Key: eventlog[Security,,,,4800|4801]
Type of information: log

Triggers:
Name: Dektop unlock !
Expression: ({TRIGGER.VALUE}=0 and {PC_NAME:eventlog[Security,,,,4800|4801].logeventid(4801)}=1) or ({TRIGGER.VALUE}=1 and {PC_NAME:eventlog[Security,,,,4800|4801].logeventid(4800)}=0)

**onallion** · 10-07-2017, 16:17

Just trigger when event 13508 occurs, and then use recovery expression to recover only when event 13509 occurs. Easy as pie

**amitshmil** · 10-07-2017, 22:00

Let me try that...

**emz** · 21-02-2019, 14:45

What about the following trigger:

eventlog[System,,"Error",,^6008$,10,skip].logeventid(^6008$)}=1 and eventlog[System,,"Error",,^6008$,10,skip].nodata(300)}=0

I face the following issue - if I use nodata(300)}=0, the trigger is not activated at all. If I use nodata(300)}=1, the alarm never disappears (no recovery).
Can you recommend how to deal with the situation?

**Cpt. Lunchbox** · 21-02-2019, 16:45

emz

Give this a try:

Code:

.nodata(300[B]s[/B])}=0 or .nodata([B]5m[/B])}=0

Worked for me

**emz** · 22-02-2019, 09:02

Yes, thank you! I get the result I want!

**Mitesh Patel** · 24-07-2019, 05:53

Can you please help me regarding how to windows server event viewer log monitoring in Zabbix server.

Ad Widget

Monitor Windows event logs

Monitor Windows event logs

Comment

Comment

Comment

Comment

Comment

Comment

Comment