Event Log Monitoring Syntax

  • bill.unger
    Member
    • Jun 2007
    • 79

    #1

    Event Log Monitoring Syntax

    Can anyone point me in the direction of some useful, fully documented information on all the Windows event log monitoring options? I have found the one about checking Win32Time, but it isn't very helpful. Specifically, I am wanting to create a trigger for NTBackup and BackupExec Event Log entries...

    thanks in advance,
    Bill
  • jgordor
    Junior Member
    • Dec 2006
    • 19

    #2
    Info on the wiki

    Hi,

    Check http://www.zabbix.com/wiki/doku.php?...itoringwindows

    Comment

    • bill.unger
      Member
      • Jun 2007
      • 79

      #3
      Thank you for the reference, but I have already seen that entry... it doesn't provide much in the way of explanation, which is what I need to modify it. For example, how do I check for Error events only? Or how do I check where the source is "Backup Exec?"

      thanks again
      Bill

      Comment

      • maruscya
        Senior Member
        Zabbix Certified Specialist
        • Jul 2007
        • 129

        #4
        Hello !!!

        I'm trying to reach the same goal with NTBackup... I made this trigger myself, but I don't understand if it is working fine.
        I wrote this trigger:

        ({gutta-dc2:eventlog[application].logsource(NTBackup)}=1)&({gutta-dc2:eventlog[application].logseverity(high)}=1)&({gutta-dc2:eventlog[application].str(error)}=1)
        Is this trigger correct? The trigger must be TRUE if NTBackup reports some error in the description...

        Comment

        • Niels
          Senior Member
          • May 2007
          • 239

          #5
          Originally posted by maruscya
          Is this trigger correct?
          You tell us. Does it work?

          I can't make an item with logseverity as you suggest, I get an error.

          Comment

          • bill.unger
            Member
            • Jun 2007
            • 79

            #6
            Is no one using Event Log monitoring in Zabbix that could at least post some of their triggers? ANYTHING at this point would be helpful....

            tia,
            Bill

            Comment

            • bill.unger
              Member
              • Jun 2007
              • 79

              #7
              P-L-E-A-S-E... can someone please provide more information on using these triggers and events? It is driving me insane!!!!

              tia,
              Bill

              Comment

              • Niels
                Senior Member
                • May 2007
                • 239

                #8
                I've also asked this elsewhere -- without answers. Welcome to the world of Zabbix.

                Comment

                • trikke
                  Senior Member
                  • Aug 2007
                  • 140

                  #9
                  Here U go:

                  Description: Eventlog Application Error
                  Key: eventlog[Application,Error]
                  key type: log

                  Trigger: {Basler_Template_Windows:eventlog[Application,Error].logseverity(4)}=4

                  Simple and basic, works for me on Zabbix 1.4.4 and 1.5

                  Greetings
                  Patrick

                  Comment

                  • bill.unger
                    Member
                    • Jun 2007
                    • 79

                    #10
                    Originally posted by trikke
                    Here U go:

                    Description: Eventlog Application Error
                    Key: eventlog[Application,Error]
                    key type: log

                    Trigger: {Basler_Template_Windows:eventlog[Application,Error].logseverity(4)}=4

                    Simple and basic, works for me on Zabbix 1.4.4 and 1.5

                    Greetings
                    Patrick
                    Patrick,

                    Thanks a ton for the info! And, of course, a couple of follow-up questions:

                    1. The key value you have for the item has two parameters to it = Application and Error. Is the second parameter the TYPE of eventlog entry?

                    2. Where did you find documentation for the eventlog[Application,Error] key?

                    3. How do you display/react to the trigger? Do you have an action defined?

                    4. How are you displaying the actual event log error message?

                    Thanks again for the help!
                    Bill

                    Comment

                    • maruscya
                      Senior Member
                      Zabbix Certified Specialist
                      • Jul 2007
                      • 129

                      #11
                      Originally posted by Niels
                      You tell us. Does it work?

                      I can't make an item with logseverity as you suggest, I get an error.
                      Which error do you have?

                      Comment

                      • Niels
                        Senior Member
                        • May 2007
                        • 239

                        #12
                        Originally posted by maruscya
                        Which error do you have?
                        Simply that adding logseverity is an incorrect key format. I'm sure it works fine in a trigger, but I'm looking to make an item that only collects severity==Error (or similar).

                        Originally posted by bill.unger
                        1. The key value you have for the item has two parameters to it = Application and Error. Is the second parameter the TYPE of eventlog entry?
                        No, it's a regexp that works on the value field. Severity and Source can only be addressed in a trigger, not in the item.

                        Comment

                        • trikke
                          Senior Member
                          • Aug 2007
                          • 140

                          #13
                          Hi Bill,

                          As Niels stated, the key = Eventlog[ ], the parms are: first parm = Eventlog "name/source" (Application, Security or System), second parm is a regexp (against the Eventlog message)

                          Documentation??? I just read the source (under zabbix_agent, active.c and eventlog.c)

                          I have a general action, which reacts on every Trigger=True or False.

                          The eventlog Error Message is in the xxx.last() variable. (U have to set History and Trends on your item!)

                          greets
                          Patrick

                          Comment
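
The behaviour described in posts #12 and #13, as a simplified Python model added here for illustration (not code from Zabbix or from any poster): the item's second parameter filters on the message text only, while source and severity are tested in the trigger. All names are hypothetical and the events are constructed; the model assumes the trigger functions look at the most recent collected value and that `logsource` is an exact string comparison.

```python
import re
from dataclasses import dataclass

# 4 = Error as used in the thread; 1 and 2 follow the Zabbix documentation's numbering.
SEVERITY = {"Information": 1, "Warning": 2, "Error": 4}

@dataclass
class Event:
    source: str
    severity: str
    message: str

def item_collects(event, pattern=None):
    """Model of eventlog[<log>,<regexp>]: the regexp sees the message, nothing else."""
    return pattern is None or re.search(pattern, event.message) is not None

def logseverity(history):
    """Model of .logseverity(): severity number of the most recent collected value."""
    return SEVERITY[history[-1].severity] if history else 0

def logsource(history, name):
    """Model of .logsource(name): 1 if the most recent collected value has that source."""
    return int(bool(history) and history[-1].source == name)

def trigger(history, source):
    """Model of ({..logsource(<source>)}=1)&({..logseverity(4)}=4)."""
    return logsource(history, source) == 1 and logseverity(history) == 4

def replay(events, pattern, source):
    """Pass events through the item filter; return the trigger state after each one."""
    history, states = [], []
    for ev in events:
        if item_collects(ev, pattern):
            history.append(ev)
        states.append(trigger(history, source))
    return states

# Constructed sample events (not taken from a real log).
EVENTS = [
    Event("NTBackup", "Information", "Backup completed. Error count: 0"),
    Event("NTBackup", "Error", "The operation was aborted: device not ready"),
    Event("MSSQLSERVER", "Information", "Database backup finished"),
]

if __name__ == "__main__":
    print("eventlog[Application,Error]:", replay(EVENTS, "Error", "NTBackup"))
    print("eventlog[Application]:      ", replay(EVENTS, None, "NTBackup"))
```

With the `Error` regexp the real Error-severity event is never collected because its message lacks that word; without the regexp the trigger fires, then clears as soon as an unrelated event becomes the last value.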

                          • antani
                            Member
                            • Apr 2008
                            • 50

                            #14
                            Originally posted by trikke

                            Trigger: {Basler_Template_Windows:eventlog[Application,Error].logseverity(4)}=4
                            I can use this only with Application (getting unknown if I use this with [Security, Error] or [System, Error])

                            How can I extend application log control to System and Security?

                            Comment

                            • fast.ryder
                              Member
                              • Apr 2008
                              • 46

                              #15
                              Logparser - your new best friend

                              Hello!

                              When it comes to accessing information from Windows event logs, I tend to rely on using Logparser 2.2, a free tool that some Microsoft programmers developed some time ago.

                              If you try to use it, you may find lots of output formats, even SQL Server directly, CSV file, etc. A regular-running script may be useful for you, inserted in Zabbix agent as a parameter, to send back some info to Zabbix Server.

                              Ivo Pereira
                              IT Consultant
                              Portugal

                              Comment
