Ad Widget

**swaterhouse** · 26-09-2008, 14:17

Originally posted by cjwallace

Edit:

Just a thought, could this be any kind of permissions thing on the Windows server? What account \ permissions does the zabbix_agentd.exe have on the server?

Should not be a permissions problem. The agent runs as whatever account you set the service to run as, by default "LocalSystem".

Can you see the entries you are trying to trigger on in the lastest data screen (go to Latest data, select the host you are looking on, and click on the "history" link next to the security event log item to view all the events that item has brought back)?

**cjwallace** · 26-09-2008, 15:10

Hello mate.

Thanks for the reply. Ok good to rule out the permissions thing and yes it is running under localsystem account.

When i look in the latest data and the history i dont see all the items that are in the event viewer.

I have seen it register a group change once and even then that change hit zabbix like 3 hours after then event in Windows.

It just feels like zabbix is not pulling all the information from the security event viewer.

Also the time stamp and the local time are like 3 hours out of sync.

Any ideas?

Thanks again for your help

**cjwallace** · 27-09-2008, 13:33

Guys.

Any thoughts?

**trikke** · 29-09-2008, 17:49

({LNDC02:eventlog[Security].str(Security Enabled Global Group Member Added: Member Name}=1)

I guess that the ":" is making you trouble, try to match against a string without the ":" !!!!

Greets
Patrick

**cjwallace** · 05-10-2008, 15:30

Hi mate. I dont think that the ":" is the problem. It seems not all information from the Security event logs is getting through to Zabbix.

I built test domain.

1 X domain controller

1 X Zabbizx server with 1.6 installed running ubuntu and still does not work.

Can someone who is monitoring the security logs check to see if it is picking up security group changes.

This is not good for me as i cant move forward until i have this working

**cjwallace** · 15-10-2008, 20:45

Guys. this issue is just killing me big time.

If i monitor the Application, System i get perfect results and if i match zabbix to windows then it is spot on.

But and here is my major issue. If i monitor Security then its not right. Zabbix is not pulling in all the items that are recorded in windows and i just cant work it out.

Can someone please please try and help me fix this

Craig

**cjwallace** · 18-10-2008, 16:29

Guys.

I am making some real progress here. This is just an update as i want to make a new post for a different issue. Before i was using SUSE11 and although i really like SUSE coming from a windows background i have moved on.

Today i installed Ubuntu 8.0.4 and so far so good. When i ask Zabbix to monitor the windows security event log it is doing just that and it is picking up all changes to security groups i make and is alerting on them. So for the first time since i started to play with Zabbix it looks like i am on the road to having this working.

I am going to make a new post about an issue i have. Right now i have a big smile as it looks like i am finally getting somewhere

Craig

**gospodin.horoshiy** · 21-10-2008, 21:17

Is there anyway to wrap text in Latest Data , Eventlog view?
If I go to Latest Data -> Eventlog[application] -> History

then I literally need VERY WIDE MONITOR to read some messages. Thnx

**gospodin.horoshiy** · 03-12-2008, 16:45

Upd, how can I wrap events?

**troffasky** · 04-12-2008, 13:30

Originally posted by gospodin.horoshiy

Upd, how can I wrap events?

In the absence of any better suggestions, you could install Firebug and have a go at hacking the CSS.

**Hotzenwalder** · 09-01-2009, 10:17

When monitoring the eventlog[security] the source is always 'unknown'. When I monitor the Sytem log I get Information, Warning, Critical etc as expected. What is going wrong here? (Zabbix version 1.4.5)

Ad Widget

Event Viewer

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment