I have been wrestling with Eventlog monitoring for a couple of weeks now and am not having much luck. I am running Zabbix 1.4 on Ubuntu and here is what I have done so far:

- Created a new template called Template_WindowsRegistry

- Created 2 new items in template
Name: EventLog-Application
Type: Zabbix agent
key: eventlog[Application]
Type of Information: Log
note: left all other fields at default

Name: EventLog-System
Type: Zabbix agent
key: eventlog[System]
Type of Information: Log
note: left all other fields at default

- Created 2 new triggers in the template
Name: EventLog-SystemError
Expression: {Template_WindowsRegistry:eventlog[System].logseverity(4)}=4
<No Dependencies>
Severity: High
Comments: <Blank>

Name: EventLog-ApplicationError
Expression: {Template_WindowsRegistry:eventlog[Application].logseverity(4)}=4
<No Dependencies>
Severity: High
Comments: <Blank>

- Created 2 new actions as follows:
Name: EventLog-ApplicationError
EventSource: Triggers
Conditions: Trigger = "EventLog-ApplicationError"
Operations: Send message to user "Admin"
Message Subject: {TRIGGER.NAME}: {STATUS}
Message: {HOST} {TRIGGER.NAME}: {STATUS}

Name: EventLog-SystemError
EventSource: Triggers
Conditions: Trigger = "EventLog-SystemError"
Operations: Send message to user "Admin"
Message Subject: {TRIGGER.NAME}: {STATUS}
Message: {HOST} {TRIGGER.NAME}: {STATUS}

I then assigned the template to 2 windows servers and have been watching them for a couple of days. I seem to have 2 problems:
1. The triggers don't seem to fire consistently. UNLESS... will the trigger still fire if the subsequent error conditions are from the same source in the Event Log?

2. Even when the triggers do fire, it never sends an email message.

Any thoughts, suggestions, or offers to give me a labotomy would be very much appreciated!

tia,
Bill