Skip to content

Reading Windows Event Logs

Video Lecture

Reading Windows Event Logs Reading Windows Event Logs


In this lecture I create an advanced item. The item reads the Windows event logs and looks for a specific windows event ID 4625 which is also known as 'failed logon'.

The item type is Zabbix Agent (Active)

and the key is


The type of information is Log

The duration to keep the data and the frequency of checking for the item is up to you.

I then try to log on to my Windows laptop and generate some failed logins.

I then see the failed login events on the Monitoring ⇾ Latest Data page.

It may be useful to set up a trigger for failed logons.

In the video, I create the trigger using the expression logeventid(/Windows Basic/eventlog[Security,,,,4625,,skip])=1 and also enable Allow manual close

Windows Specific Item Keys