I have watched all the videos many, many times and it seems I am missing certain features in the event console. Is there just a canned dashboard or event view where you can specify a Windows event log #? I am collecting logs just fine; I am monitoring 158 hosts, 1052 services, so I know my setup is working.
In this video, if I follow along, I don't have the same options as he does.
What is different, however, is the stuff after 5:06 - in the Raw Edition, you don’t have the agent bakery, so you can’t just bake a new agent and update it. See sections 3 and 4 of this article for info on how to proceed in the Raw vs the Enterprise: Monitoring agents -- Monitoring with Checkmk devices in a network
I am on 2.2.0p9. It looks like I should be able to do what I need. We are going through an audit so we are trying to pick a new SIEM platform; the problem is the CJIS requirements pretty much tell us to stay away from cloud. I have tried them all and Checkmk seems to be the easiest for our mostly Windows environment.
Elias, I figured out what I needed. I went off this video once I had my event logs pulling in and just modified it to include Event ID 4625, which is what gets triggered on a Windows DC when a user fails their login.
If anyone needs help, go here to 3:27 and follow that.