Critical level in Windows 2008 eventlog processed incorrectly as Information level

    • Type: Incident report
    • Resolution: Duplicate
    • Priority: Major
    • Affects Version/s: None
    • Component/s: Agent (G)
    • Environment:
      Windows 2008 and 2008r2

      Microsoft introduced the "critical" log level in the Event Viewer in Windows.
      At the moment the Windows agent only has the following levels (copied from active.c):

      case EVENTLOG_SUCCESS:
      case EVENTLOG_INFORMATION_TYPE:
          severity = 1;
          zbx_snprintf(str_severity, sizeof(str_severity), INFORMATION_TYPE);
          break;
      case EVENTLOG_WARNING_TYPE:
          severity = 2;
          zbx_snprintf(str_severity, sizeof(str_severity), WARNING_TYPE);
          break;
      case EVENTLOG_ERROR_TYPE:
          severity = 4;
          zbx_snprintf(str_severity, sizeof(str_severity), ERROR_TYPE);
          break;
      case EVENTLOG_AUDIT_FAILURE:
          severity = 7;
          zbx_snprintf(str_severity, sizeof(str_severity), AUDIT_FAILURE);
          break;
      case EVENTLOG_AUDIT_SUCCESS:
          severity = 8;
          zbx_snprintf(str_severity, sizeof(str_severity), AUDIT_SUCCESS);
          break;

      Critical events are very important events to monitor to prevent disaster.

            Assignee:
            Unassigned
            Reporter:
            Ruud Boersma
            Votes:
            5
            Watchers:
            6

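An added example, not part of the original report and not Zabbix code: it reads the `<Level>` element from an event rendered as XML by the newer Windows Event Log format and maps it to a severity code, returning an explicit "unmapped" result instead of silently defaulting. Assumptions: the level constants are the `winmeta.h` values, severities 1, 2 and 4 are the ones quoted in the report, the code 9 for Critical, the level names and the function names are hypothetical, and the sample event is constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Level values from the Windows SDK header winmeta.h (Vista / 2008 onward). */
#define WINEVENT_LEVEL_CRITICAL 1
#define WINEVENT_LEVEL_ERROR    2
#define WINEVENT_LEVEL_WARNING  3
#define WINEVENT_LEVEL_INFO     4

/* Hypothetical code for Critical: the report lists 1, 2, 4, 7 and 8 only. */
#define SEVERITY_CRITICAL_ASSUMED 9
#define SEVERITY_UNMAPPED         (-1)

/* Read the number inside <Level>...</Level>; -1 if absent or malformed. */
static int event_xml_level(const char *xml)
{
	const char *p = strstr(xml, "<Level>");
	char *end;
	long v;

	if (NULL == p)
		return -1;
	p += strlen("<Level>");
	v = strtol(p, &end, 10);
	if (end == p || 0 != strncmp(end, "</Level>", 8) || v < 0 || v > 255)
		return -1;
	return (int)v;
}

/* Map a level to a severity code; unknown levels are reported, not defaulted. */
static int level_to_severity(int level, const char **name)
{
	switch (level)
	{
		case WINEVENT_LEVEL_CRITICAL: *name = "Critical";    return SEVERITY_CRITICAL_ASSUMED;
		case WINEVENT_LEVEL_ERROR:    *name = "Error";       return 4;
		case WINEVENT_LEVEL_WARNING:  *name = "Warning";     return 2;
		case WINEVENT_LEVEL_INFO:     *name = "Information"; return 1;
		default:                      *name = "Unmapped";    return SEVERITY_UNMAPPED;
	}
}

int main(void)
{
	/* Constructed sample event, not taken from a real log. */
	const char *xml = "<Event><System><EventID>1001</EventID><Level>1</Level></System></Event>";
	const char *name;
	int level = event_xml_level(xml), sev = level_to_severity(level, &name);
	printf("level=%d severity=%d (%s)\n", level, sev, name);
	return 0;
}
```

A caller that receives `SEVERITY_UNMAPPED` can log or count the event, so a level the mapping does not know about shows up as a monitoring gap rather than as an Information entry.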