Eventlog Monitoring - Event Console - Filter

Hello, I tried to get some events from the security eventlog.
But no success. I don't know what I am doing wrong.
I read the documentation 4 times, but no events are delivered.
I created Event Console rules - try - green bubble. Ok
1.6.0.17
How can I send the Security Events from Windows Hosts to Check MK?

This is so confusing.

Yes - configured for 4 hosts (names deleted)

This is a completely different problem than the forwarding to the EC :wink:
How is your configuration of the Windows agent done?
Most events from security are informational and normally not sent with the agent.
You need to configure it to send all events of this log.

The next step is - how does your EC rule look?

Agent is default installation.

With default agent installation you will not get all the relevant security entries.
This is only the logwatch snippet from the yml config file.

logwatch:
  enabled: true
  logfile:
    - application: warn nocontext
    - system: warn nocontext
    - security: all nocontext
    - "*": off context

The important thing is the “security: all” part.

So is the syntax like yours or like in the yml file?
I mean with ’ or without ’
