Ad Widget

Collapse

Eventlog Monitor

Collapse
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • Agasef
    Junior Member
    • Sep 2024
    • 2
    #1

    Eventlog Monitor

    Hi,

    I want to see logon failed logs based on Event ID 4776. For this, I wrote an item in the template:
    eventlog[Security,,,,4776,,skip]

    and I wrote the trigger:

    logeventid(/BSEDC18/eventlog[Security,,,,4776,,skip])=1

    If the trigger works, the action does not work. Mail does not receive an alert that there is a problem.

    Click image for larger version Name: image.png Views: 150 Size: 6.7 KB ID: 490963
    Tags: None
    • kamil1
      Member
      • Aug 2024
      • 40
      #2
      Hi,
      Couple of hints you might want to check:
      • Modify the trigger to explicitly check for Event ID 4776 with logeventid: {BSEDC18:eventlog[Security,,,,4776,,skip].logeventid(4776)}=1
      • Ensure the severity of the trigger matches the action’s conditions.
      • Review action configuration and ensure email settings are correct.
      • Check Zabbix server logs for any errors related to the action or trigger.
      • Test with a known event to confirm the alerting system works.

        Comment

        Previous template Next
        Working...