[ZBX-14429] Eventlog Windows does not work Created: 2018 Jun 01  Updated: 2018 Jun 06  Resolved: 2018 Jun 05

Status: Closed
Project: ZABBIX BUGS AND ISSUES
Component/s: Agent (G), Server (S)
Affects Version/s: 3.0.16
Fix Version/s: None

Type: Incident report Priority: Critical
Reporter: Fabian Fasser Assignee: Unassigned
Resolution: Won't fix Votes: 0
Labels: agent, items, triggers
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Attachments: Text File image-2018-06-01-14-33-53-220.png     Text File image-2018-06-01-15-01-11-568.png     Text File image-2018-06-01-15-04-36-099.png     Text File image-2018-06-01-15-05-11-905.png     PNG File image-2018-06-05-15-06-17-150.png     PNG File image-2018-06-05-16-19-00-138.png    

 Description   

I have a problem with the eventlog for windows.

I don't get any values with eventlog[Application,,,^MSSQL,^(9001)$,,]

I need any values from the application log, which starts with MSSQL e.x. MSSQL$PAV_CORE

Does anybody know a solution?

 

Thanks

 Comments   
Comment by Elina Kuzyutkina (Inactive) [ 2018 Jun 01 ]

Hello, Fabian

What zabbix_agent version do you use? Have you any other eventlog checks on that host that works correctly?

Can you attach the screenshot of item configuration and zabbix_agent.conf file?

Regards,

Elina

Comment by Fabian Fasser [ 2018 Jun 01 ]

Hello Elina

We use the Zabbix Version 3.2

The 1000 event is just for a test. Right now it is not able to attach the config file.

 

Best regards

Comment by Elina Kuzyutkina (Inactive) [ 2018 Jun 01 ]

Is there any other active checks of eventlog[] on the host that work?

And can you attach full view of item configuration? not only the key

Comment by Fabian Fasser [ 2018 Jun 01 ]

This one works on the server e.g. 

 

 

Here is the full config of the one which does not work:

 

Comment by Elina Kuzyutkina (Inactive) [ 2018 Jun 01 ]

Thank you, I need time to check whether $ affects on items regex

Comment by Elina Kuzyutkina (Inactive) [ 2018 Jun 04 ]

I'm sorry to have kept you waiting. $ don't affects on items regex and zabbix works correctly.

Can you try to cach this error string manually?

from power shell:

> New-EventLog -LogName Application -Source 'MSSQL$SOURSE'
> Write-EventLog

LogName: Application
Source: MSSQL$SOURSE
EventId: 9001
Message: "TEST"

from cmd:

 

eventcreate /ID 901 /L APPLICATION /T INFORMATION /SO MSSQL$SOURCE /D "Test string"

but here you can not specify sourceid over 1000, so you need to change the key

 

Comment by Fabian Fasser [ 2018 Jun 04 ]

HI Elina

I tried that already but nothing changed.

Without the Source 'MSSQL' in the item it works but not with the source.

Comment by Elina Kuzyutkina (Inactive) [ 2018 Jun 04 ]

Can you provide output from powershell:

 Get-EventLog Application -InstanceId 9001 | ?{$_.source -like "MSSQL*"}

?

Comment by Fabian Fasser [ 2018 Jun 05 ]

That's the output

Comment by Elina Kuzyutkina (Inactive) [ 2018 Jun 05 ]

There are no events that match your key in the event log, so Zabbix does not receive any values.

Please check the event parameters that you want to catch. Because it's not a bug, I'l close this ticket.

Regards,

Elina

Comment by Fabian Fasser [ 2018 Jun 05 ]

It works with the following command:

get-eventlog Application -Source "MSSQL*" -Message "The log for database*"

 

Comment by Elina Kuzyutkina (Inactive) [ 2018 Jun 06 ]

There is condition in your key for eventid ^(9001)$, but events you want to catch have another id. 

please try

eventlog[Application,,,^MSSQL,,,]

instead

eventlog[Application,,,^MSSQL,^(9001)$,,]

Regards,

Elina

Generated at Sun Apr 06 10:19:48 EEST 2025 using Jira 9.12.4#9120004-sha1:625303b708afdb767e17cb2838290c41888e9ff0.