New Feature Request
Resolution: Unresolved
Medium
I wanted to monitor a Windows Event log: "Microsoft-Windows-Windows Firewall With Advanced Security/Firewall"
I wasn't sure how to specify the name correctly. I went to the Zabbix Windows event log documentation page.
The description of the name parameter just said: "name of event log". The event log above has spaces in the name. I wasn't sure whether quotes were necessary. I tried including quotes and it worked, but from other examples online, it would seem quotes aren't necessary.
The provided examples only dealt with the "classic" event logs, like "Application" or "System".
But with the newer-style event logs, sometimes the log name in the Event Viewer GUI doesn't match the file name on disk. For instance, in the example below, within the Event Viewer GUI, the Log Name field differs from the file name on disk. Which one does the agent expect for the Name parameter?
GUI: Microsoft-Windows-Windows Remote Management/Operational
File on disk: Microsoft-Windows-WinRM%4Operational.evtx
From my research, you are supposed to use the file on disk, but with the "%4" replaced with '/'.
To summarize, the documentation would be improved by:
1) Clarifying whether quotes are required when the log name contains spaces
2) Clarifying whether the agent expects the actual file name, or the name shown within the Event Viewer GUI (which is often the tool people will be using to view the logs, and so naturally may think the logname displayed within it is the one to use)
3) Adding an example where the item key is using a newer-style Windows Event log
Thanks!
Matt
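
One way to check which channel name Windows registers for a given .evtx file is to ask the Event Log service directly instead of rewriting the file name by hand. This is an added example, not part of the original report or the Zabbix documentation; the function name `Get-ChannelForEvtxFile` is hypothetical, and the printed key uses the quoted form the reporter says worked.

```powershell
# Added example (not from the ticket): look up the registered channel name
# for an .evtx file by matching on the log's configured file path.
function Get-ChannelForEvtxFile {
    param(
        [Parameter(Mandatory)]
        [string]$EvtxFileName   # e.g. 'Microsoft-Windows-WinRM%4Operational.evtx'
    )

    # Compare leaf names only, so %SystemRoot% in LogFilePath does not matter.
    $leaf = [System.IO.Path]::GetFileName($EvtxFileName)

    # Some channels cannot be enumerated without elevation; skip those errors.
    Get-WinEvent -ListLog * -ErrorAction SilentlyContinue |
        Where-Object {
            $_.LogFilePath -and
            ([System.IO.Path]::GetFileName($_.LogFilePath) -ieq $leaf)
        } |
        Select-Object LogName, LogFilePath, IsEnabled, RecordCount
}

# File name taken from the ticket above.
$channel = Get-ChannelForEvtxFile 'Microsoft-Windows-WinRM%4Operational.evtx'
$channel | Format-List

foreach ($c in $channel) {
    # Confirm the name is accepted by the Event Log API before using it in an item.
    $null = Get-WinEvent -LogName $c.LogName -MaxEvents 1 -ErrorAction SilentlyContinue
    if ($?) { "Readable channel: $($c.LogName)" }

    # Candidate Zabbix item key, name quoted as in the reporter's working test.
    'eventlog["{0}"]' -f $c.LogName
}
```

An empty or disabled channel returns no events, so a missing "Readable channel" line alone does not mean the name is wrong; check `IsEnabled` and `RecordCount` in the listing first.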