Details
-
Problem report
-
Status: Confirmed
-
Trivial
-
Resolution: Unresolved
-
None
-
None
-
None
-
None
Description
I installed Zabbix agent 5.0.6 on Windows Server 2016 and want to monitor Windows audit logs.
I created item `eventlog[Security,,Information]` but it seems to collect nothing.
According to the Zabbix document [*1], "severity" parameter in eventlog[] accepts "Information", "Warning", "Error", "Critical", and “Verbose”.
In Zabbix 2.0 or older, there were "Failure Audit" and "Success Audit" severity.
Are these severity values effective in Zabbix 5.0?
[*1]: https://www.zabbix.com/documentation/5.0/manual/config/items/itemtypes/zabbix_agent/win_keys
I tried `eventlog[Security,,Failure Audit]` and `eventlog[Security,,Success Audit]` items and they seem to work well.
Are these items appropriate in Zabbix 5.0?
Steps to reproduce:
1. install Zabbix agent on Windows Server 2016
2. create a new item `eventlog[Security,,Information]`
Result:
collect Windows audit logs.
Expected:
collect nothing.