  1. ZABBIX BUGS AND ISSUES
  2. ZBX-18769

eventlog[] with severity set to "Information" does not collect "Success Audit" and "Failure Audit"


    • Problem report
    • Resolution: Unresolved
    • Trivial

      I installed Zabbix agent 5.0.6 on Windows Server 2016 and want to monitor Windows audit logs.
      I created item `eventlog[Security,,Information]` but it seems to collect nothing.

      According to the Zabbix documentation [*1], the "severity" parameter in eventlog[] accepts "Information", "Warning", "Error", "Critical", and "Verbose".
      In Zabbix 2.0 or older, there were "Failure Audit" and "Success Audit" severities.
      Are these severity values effective in Zabbix 5.0?

      [*1]: https://www.zabbix.com/documentation/5.0/manual/config/items/itemtypes/zabbix_agent/win_keys

      I tried `eventlog[Security,,Failure Audit]` and `eventlog[Security,,Success Audit]` items and they seem to work well.
      Are these items appropriate in Zabbix 5.0?

      Steps to reproduce:
      1. install Zabbix agent on Windows Server 2016
      2. create a new item `eventlog[Security,,Information]`

      Result:
      collect Windows audit logs.

      Expected:
      collect nothing.

            zabbix.dev Zabbix Development Team
            kento.takahashi Kento Takahashi