
Reading Windows Event Logs

Video Lecture


Description

In this lecture I create an advanced item that reads the Windows event logs and looks for Windows event ID 4625, which is also known as 'failed logon'.

The item type is Zabbix Agent (Active) and the key is

eventlog[Security,,,,4625,,skip]

The type of information is Log.

The duration to keep the data and the frequency of checking for the item is up to you.

I then try to log on to my Windows laptop and generate some failed logins.

I then see the failed login events on the Monitoring ⇾ Latest Data page.
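To confirm on the Windows host itself that failed logons are being written to the Security log, independently of Zabbix, the following PowerShell can be run in an elevated session. It is an added example, not part of the original lecture; it assumes an English-language Windows installation (the audit subcategory name "Logon" is localized), and the column names in the output are chosen here for illustration.

```powershell
# Added example: check locally that event ID 4625 exists in the Security log,
# which is what the eventlog[Security,,,,4625,,skip] item collects.
# Reading the Security log requires an elevated (administrator) session.

# 1. Show whether failed logons are audited at all. If "Failure" is not
#    listed for this subcategory, no 4625 events will be generated.
#    Assumption: English subcategory name; it differs on localized systems.
auditpol /get /subcategory:"Logon"

# 2. Fetch the most recent failed-logon events (up to 20).
$events = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4625 } `
                       -MaxEvents 20 -ErrorAction SilentlyContinue

if (-not $events) {
    Write-Output 'No 4625 events found in the Security log.'
}
else {
    # 3. Each event carries its details as named <Data> elements in the
    #    EventData section of the event XML; collect them by name.
    $rows = foreach ($e in $events) {
        $xml  = [xml]$e.ToXml()
        $data = @{}
        foreach ($d in $xml.Event.EventData.Data) {
            $data[$d.GetAttribute('Name')] = $d.InnerText
        }
        [pscustomobject]@{
            TimeCreated = $e.TimeCreated
            Account     = $data['TargetUserName']
            Domain      = $data['TargetDomainName']
            LogonType   = $data['LogonType']
            SourceIp    = $data['IpAddress']
            Status      = $data['Status']
        }
    }

    # 4. List the events, then count failures per targeted account.
    $rows | Format-Table -AutoSize
    $rows | Group-Object Account |
        Sort-Object Count -Descending |
        Select-Object Count, Name
}
```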

It may be useful to set up a trigger for failed logons.

In the video, I create the trigger using the expression

logeventid(/Windows Basic/eventlog[Security,,,,4625,,skip])=1

and also enable Allow manual close.

Windows Specific Item Keys