Reading Windows Event Logs
In this lecture I create an advanced item. The item reads the Windows event logs and looks for a specific windows event ID 4625 which is also known as 'failed logon'.
The item type is Zabbix Agent (Active)
and the key is
The type of information is Log
The duration to keep the data and the frequency of checking for the item is up to you.
I then try to log on to my Windows laptop and generate some failed logins.
I then see the failed login events on the Monitoring ⇾ Latest Data page.
It may be useful to set up a trigger for failed logons.
In the video, I create the trigger using the expression
logeventid(/Windows Basic/eventlog[Security,,,,4625,,skip])=1 and also enable
Allow manual close