Monitoring Event ID from Windows Eventlog

davido64 · February 8, 2023, 1:15pm

Hi there,
I’ve found a couple post on the subject on the forum but I couldn’t achieve what I needed after carefully reading them.
So my question is : How do I monitor certain eventID triggered in the Windows EventLog.
For example I’d like to monitor the ID 4005 from the Application Log and have a Warning or Critical message displayed on the CheckMk monitoring for the host whenever the event is triggered.

I’ve found a interesting post here : Simple (better) local check; Monitor windows event logs\ID’s - How-to Articles - Checkmk Community
but I’d like to achieve it using the embedded options from CheckMk.
Thanks for you help.

mike1098 · February 8, 2023, 2:57pm

Please carefully read this

gstolz · February 8, 2023, 3:18pm

Additional resource that goes through this step by step: Monitoring Windows Security Log with the CMK Event Console rule logwatch - Checkmk Knowledge Base - Checkmk Knowledge Base thanks to @wittmannthom and @athomaidis

system · February 8, 2024, 3:18pm

This topic was automatically closed 365 days after the last reply. New replies are no longer allowed. Contact an admin if you think this should be re-opened.