Ad Widget

**alizy76** · 16-08-2023, 12:49

Originally posted by JonathanKreis

Hello guys,

I have tried to integrate Windows Events into Zabbix and tried a lot of instructions. Unfortunately it still does not work. I send you my attempt. Maybe you will find the error.
I create an advanced item. The item reads the Windows event logs and looks for a specific windows event ID 4625 which is also known as 'failed logon'.

The item type is: Zabbix Agent (Active)
The key is: eventlog[Security,,,,4625,,skip]
The type of information is: Log
The duration to keep the data and the frequency of checking for the item is: 1 minute.

I then tried to log on to my Windows laptop and generate some failed logins.
Thank you very much for your help!

Hello,

Thank you for providing the details of your integration attempt. It seems like you're on the right track with creating an advanced item to read Windows event logs for specific event IDs.

However, there might be a small issue with your item key. The correct syntax for the item key should be:
phpCopy code
eventlog[<Log Name>,<Search String>,<Event Type>,<Event ID>,<Source>,<Severity>]
In your case, for failed logons with event ID 4625 in the Security log, the item key should be:
cssCopy code
eventlog[Security,,,,4625,]
Please make sure you have the correct log name (in this case, "Security") and event ID (4625). Also, ensure that the Zabbix agent is running on the target Windows machine and that the Zabbix server can communicate with the agent.

If you've already corrected the item key and are still experiencing issues, you might want to check the Zabbix agent logs and the Windows Event Viewer for any error messages that could provide more insight into the problem.

I hope this helps resolve the issue. Feel free to reach out if you have any further questions or need additional assistance.

**cyber** · 16-08-2023, 15:06

Don't give false advice.. it is

Code:

eventlog[name,<regexp>,<severity>,<source>,<eventid>,<maxlines>,<mode>]

and topic starter has everything correctly.

**JonathanKreis** · 21-08-2023, 16:20

Thank you very much for your help. I will try it!!!

**vijayk** · 22-08-2023, 06:04

Originally posted by JonathanKreis

Hello guys,

I have tried to integrate Windows Events into Zabbix and tried a lot of instructions. Unfortunately it still does not work. I send you my attempt. Maybe you will find the error.
I create an advanced item. The item reads the Windows event logs and looks for a specific windows event ID 4625 which is also known as 'failed logon'.

The item type is: Zabbix Agent (Active)
The key is: eventlog[Security,,,,4625,,skip]
The type of information is: Log
The duration to keep the data and the frequency of checking for the item is: 1 minute.

I then tried to log on to my Windows laptop and generate some failed logins.
Thank you very much for your help!

Hi,

Below is my Item created and its working fine. Make sure you have entered the ServerActive=Zabbix_Server_IP in zabbix_agentd.config file in Agent System.

**JonathanKreis** · 22-08-2023, 15:28

Maybe you can find the error

**vijayk** · 26-08-2023, 05:44

Which version do you have? Is 192.168.0.137 your Zabbix Server IP?

**cyber** · 28-08-2023, 09:28

Is that pic from agent config on that windows host? Why does it have "Hostname=Zabbix server" there? Change to correct hostname. And hopefully you have that host defined properly in Zabbix also...

Ad Widget

Windows Event Logs

Windows Event Logs

Comment

Comment

Comment

Comment

Comment

Comment

Comment