Special Offer

Zabbix Monitoring Course Discount $11.99
https://www.udemy.com/course/zabbix-monitoring/?couponCode=607976806882D016D221
Offer expires in hours. Be quick and share with your friends and colleagues.

Special Offer

Grafana Course Discount $13.99
https://www.udemy.com/course/grafana-tutorial/?couponCode=D04B41D2EF297CC83032
Offer expires in hours. Be quick and share with your friends and colleagues.

Special Offer

Prometheus Course Discount $9.99
https://www.udemy.com/course/prometheus/?couponCode=EB3123B9535131F1237F
Offer expires in hours. Be quick and share with your friends and colleagues.

Special Offer

Threejs Course Discount $9.99
https://www.udemy.com/course/threejs-tutorials/?couponCode=416F66CD4614B1E0FD02
Offer expires in hours. Be quick and share with your friends and colleagues.

Reading Windows Event Logs

Video Lecture

Description

In this lecture I create an advanced item. The item reads the Windows event logs and looks for a specific windows event ID 4625 which is also known as 'failed logon'.

The item type is Zabbix Agent (Active)

and the key is

eventlog[Security,,,,4625,,skip]

The type of information is Log

The duration to keep the data and the frequency of checking for the item is up to you.

I then try to log on to my Windows laptop and generate some failed logins.

I then see the failed login events on the Monitoring ⇾ Latest Data page.

It may be useful to set up a trigger for failed logons.

In the video, I create the trigger using the expression logeventid(/Windows Basic/eventlog[Security,,,,4625,,skip])=1 and also enable Allow manual close

Useful Links

Windows Specific Item Keys