Windows Eventlog

  • cpe
    Junior Member
    • Feb 2021
    • 3

    #1

    Windows Eventlog

    I'm new to Zabbix. I installed version 5.2 on Ubuntu 20.04 using a MySQL database and running on Apache.
    I was able to add 2 computers for monitoring, data is being collected, but the eventlog is not working.
    I set up the log item as Zabbix agent (active), using the key "eventlog[Application,,,,,,]", but nothing comes up.

    Checking the agent log file, it seems to be fine, no errors:

    Code:
    6168:20210205:101922.186 Starting Zabbix Agent [spujun-wks03]. Zabbix 5.2.4 (revision e9f58de09c).
    6168:20210205:101922.187 **** Enabled features ****
    6168:20210205:101922.188 IPv6 support: YES
    6168:20210205:101922.190 TLS support: YES
    6168:20210205:101922.191 **************************
    6168:20210205:101922.192 using configuration file: C:\Program Files\Zabbix Agent\zabbix_agentd.conf
    6168:20210205:101923.330 agent #0 started [main process]
    8080:20210205:101923.332 agent #1 started [collector]
    10132:20210205:101923.333 agent #2 started[listener #1]
    8776:20210205:101923.334 agent #3 started[listener #2]
    8788:20210205:101923.335 agent #4 started[listener #3]
    9952:20210205:101923.336 agent #5 started [active checks #1]

    The Zabbix server IP address: 192.168.14.36
    The Zabbix server hostname: zabbix

    The agent config file is configured as shown below:

    Code:
    LogFile=C:\Program Files\Zabbix Agent\zabbix_agentd.log
    Server=192.168.14.36
    ServerActive=192.168.14.36
    Hostname=spujun-wks03
    HostnameItem=system.hostname
    RefreshActiveChecks=120
    Include=C:\Program Files\Zabbix Agent\zabbix_agentd.conf.d\

    Zabbix agent config file:

    Code:
    PidFile=/run/zabbix/zabbix_agentd.pid
    LogFile=/var/log/zabbix/zabbix_agentd.log
    LogFileSize=0
    Server=127.0.0.1
    ServerActive=127.0.0.1
    Hostname=zabbix
    Include=/etc/zabbix/zabbix_agentd.d/*.conf

    Zabbix server config file:

    Code:
    LogFile=/var/log/zabbix/zabbix_server.log
    LogFileSize=0
    PidFile=/run/zabbix/zabbix_server.pid
    SocketDir=/run/zabbix
    DBName=zabbix
    DBUser=zabbix
    DBPassword=MyStr0ngP4$$w0rd
    SNMPTrapperFile=/var/log/snmptrap/snmptrap.log
    CacheSize=32M
    Timeout=4
    FpingLocation=/usr/bin/fping
    Fping6Location=/usr/bin/fping6
    LogSlowQueries=3000
    StatsAllowedIP=127.0.0.1

    The computers that I'm trying to collect data from have port 10050 open on the firewall.

    I found some tutorials: https://medium.com/zabbix-tutorials/...x-736d87af8a1e is exactly what I'm looking for, I followed the steps, but couldn't make it work.

    Regards,
    LC
  • markfree
    Senior Member
    • Apr 2019
    • 868

    #2
    Are you trying to monitor eventlog for both hosts?
    Why are you using "Server=127.0.0.1" and "ServerActive=127.0.0.1" for your second monitored host?

    • cpe
      Junior Member
      • Feb 2021
      • 3

      #3
      Hi markfree ,

      This 127.0.0.1 is in the Zabbix server config files, that's why it is 127.0.0.1.
      The computer that I'm trying to monitor is using 192.168.14.103.


      Regards,
      Leandro Chiesa

      • markfree
        Senior Member
        • Apr 2019
        • 868

        #4
        Originally posted by cpe
        This 127.0.0.1 is in the Zabbix server config files, that's why it is 127.0.0.1.
        The computer that I'm trying to monitor is using 192.168.14.103.

        If I'm not mistaken, the Zabbix server configuration file has no parameter "Server" or "ServerActive".
        Those would be Agent parameters.

        By the way, if you set up "HostnameItem" parameter, then
        This option is only used when Hostname is not defined. (...)
        The default value for HostnameItem parameter is the value returned by the “system.hostname” agent key and for Windows platform it returns the NetBIOS host name.

        Let me see if I understood your scenario.

        Zabbix_server = zabbix/192.168.14.36
        Monitored host = 192.168.14.103
        I assume this is the one you're trying to collect event logs from, right?


        The tutorial you mentioned specifies the key "eventlog[Security,,,,4625,,skip]" as an example and you posted "eventlog[Application,,,,,,]". Is this the actual item key you are trying to use?
        Have you reviewed the tutorial?

        You could also check this Windows-specific item keys documentation to see if your setup is correct.

        • cpe
          Junior Member
          • Feb 2021
          • 3

          #5
          Hi markfree ,

          So, the Zabbix server has the Zabbix Agent also installed and these configurations are from the Zabbix agent config file.

          Yes, that's correct, the host that I'm trying to monitor is 192.168.14.103.
          In the tutorial, the guy tries to collect data from the Security event log file. I'm trying to collect from the Application log file for testing, but I also tried to collect from the Security log file, and none of them worked.

          Regards,
          Leandro Chiesa

          • markfree
            Senior Member
            • Apr 2019
            • 868

            #6
            cpe , have you checked the Log File Monitoring documentation?

            Please make sure that your monitored host has the Windows Event Log service enabled and running.

            Verify Agent Parameters
            • 'Hostname' parameter matches the host name in the frontend
            • Servers in the 'ServerActive' parameter are specified for the processing of active checks


            I was able to add 2 computers for monitoring, data is being collected, but the eventlog is not working.
            At the Web interface, do you see an error message next to the "status" column?


            Can you check if your Zabbix server is listening on port 10051?
            Code:
            $ netstat -tnl | grep 10051
            tcp 0 0 0.0.0.0:10051 0.0.0.0:* LISTEN
            tcp6 0 0 :::10051 :::* LISTEN

            Have you checked your server's log?

            Comment
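
Added example, not part of the original thread and not Zabbix's own code: an offline check of the agent settings and item keys discussed above (ServerActive set and not loopback on a monitored host, Hostname matching the frontend, HostnameItem ignored when Hostname is defined, and the seven-parameter shape of an eventlog[] key). The function names and the `is_server` flag are assumptions made for this example; the sample config is constructed from the values posted in #1.

```python
import re
LOOPBACK = {"127.0.0.1", "localhost", "::1"}

# Constructed sample: the Windows agent settings quoted in post #1.
WINDOWS_CONF = """\
ServerActive=192.168.14.36
Hostname=spujun-wks03
HostnameItem=system.hostname
"""

def parse_agent_conf(text):
    """Parse zabbix_agentd.conf text into a dict, skipping comments and blanks."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf

def check_active_prereqs(conf, frontend_host, is_server=False):
    """List findings that stop active items such as eventlog[] from working."""
    findings = []
    servers = [s.strip() for s in conf.get("ServerActive", "").split(",") if s.strip()]
    if not servers:
        findings.append("ServerActive is not set: active checks are disabled")
    elif not is_server and all(s in LOOPBACK or s.split(":")[0] in LOOPBACK for s in servers):
        findings.append("ServerActive points only at loopback on a monitored host")
    name = conf.get("Hostname")
    if name is not None and name != frontend_host:  # exact string comparison
        findings.append(f"Hostname {name!r} does not match frontend host {frontend_host!r}")
    if name is not None and "HostnameItem" in conf:
        findings.append("HostnameItem is ignored because Hostname is defined")
    return findings

def check_eventlog_key(key):
    """Check the shape of an eventlog[] key (quoted parameters are not handled)."""
    m = re.fullmatch(r"eventlog\[(.*)\]", key)
    if not m:
        return ["not an eventlog[] key"]
    params = m.group(1).split(",")
    issues = []
    if not params[0]:
        issues.append("first parameter (log name) is required")
    if len(params) > 7:
        issues.append("more than 7 parameters")
    if len(params) == 7 and params[6] not in ("", "all", "skip"):
        issues.append("mode must be 'all' or 'skip'")
    return issues
```

Both keys quoted in the thread pass the shape check, so the key syntax is not what this check would flag; for the posted Windows config the only finding is the redundant HostnameItem.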