Reading Windows Event Logs
Video Lecture
Description
In this lecture I create an advanced item. The item reads the Windows event logs and looks for Windows event ID 4625, which is also known as 'failed logon'.
The item type is Zabbix Agent (Active) and the key is
eventlog[Security,,,,4625,,skip]
In this key, Security is the log name, 4625 is the event ID to match, and skip makes a newly created item ignore events that are already in the log.
The type of information is Log.
The duration to keep the data and the frequency of checking for the item are up to you.
I then try to log on to my Windows laptop and generate some failed logins.
I then see the failed login events on the Monitoring ⇾ Latest Data page.
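To cross-check what the item should be collecting, the following PowerShell lists the same 4625 events directly on the Windows host. It is an added example, not part of the original lecture; the one-hour look-back window is an assumption, and it must be run from an elevated session.

```powershell
# Added example: list recent 4625 (failed logon) events from the Security log
# so they can be compared with Monitoring -> Latest Data in Zabbix.
# Reading the Security log requires an elevated PowerShell session.
$since = (Get-Date).AddHours(-1)   # assumption: look back one hour

$events = Get-WinEvent -FilterHashtable @{
    LogName   = 'Security'
    Id        = 4625
    StartTime = $since
} -ErrorAction SilentlyContinue

if (-not $events) {
    # Nothing logged means Zabbix has nothing to collect either.
    Write-Output "No 4625 events since $since. Check that logon failure auditing is enabled."
    return
}

$rows = foreach ($e in $events) {
    # The EventData section of the event XML holds name/value pairs.
    $data = @{}
    ([xml]$e.ToXml()).Event.EventData.Data |
        ForEach-Object { $data[$_.Name] = $_.'#text' }

    [pscustomobject]@{
        Time      = $e.TimeCreated
        Account   = $data['TargetUserName']
        Domain    = $data['TargetDomainName']
        LogonType = $data['LogonType']
        SourceIp  = $data['IpAddress']
        SubStatus = $data['SubStatus']
    }
}

# Chronological list, to match against the timestamps shown in Zabbix.
$rows | Sort-Object Time | Format-Table -AutoSize

# Failure count per account and source address.
$rows | Group-Object Account, SourceIp |
    Sort-Object Count -Descending |
    Select-Object Count, Name |
    Format-Table -AutoSize
```

If the events appear here but not in Zabbix, the problem is on the agent or item side rather than in Windows auditing.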
It may be useful to set up a trigger for failed logons.
In the video, I create the trigger using the expression
logeventid(/Windows Basic/eventlog[Security,,,,4625,,skip])=1
and also enable Allow manual close.