CMK version: 2.2.0p10.cee
OS version: Ubuntu 22.04.3 LTS
So I’m currently trying to monitor and forward events from the Windows eventlog under microsoft-windows-terminalservices-remoteconnectionmanager/operational.
Therefore I created an agent rule for finetuning Windows eventlog monitoring and added “microsoft-windows-terminalservices-remoteconnectionmanager/operational” with warn/crit and with context.
After updating the agent on the windows server the following message appears for service “Log Forwarding”:
Hey,
it is added as upper case in the Finetune Windows Eventlog monitoring rule, and from the agent it is changed to lower case.
So I’m not quite sure how I could affect this behaviour.
Regards,
n3m0
Only if I add the name of the log (microsoft-windows-terminalservices-remoteconnectionmanager/operational) in the check_mk.yml, the log forwarding for these events is working. Via the Finetune Windows Eventlog monitoring rule it isn’t working.
Do I have to add these lines manually on each monitored Windows server? Or is there a way to control this from the web console?
The eventlog for RDP connections contains barely any logs with state warning or critical. Therefore there were no events to be forwarded. After changing the setting to “all”, the forwarding rule works as expected.
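
The level change described in the last post, written as a `logwatch` fragment for the agent's check_mk.yml. This is an added illustration, not configuration posted in the thread; the key names follow the Windows agent's `logwatch` section as an assumption, so compare them with the file the agent bakery actually deploys.

```yaml
# Added illustration, not from the thread. Key names are assumed from the
# Windows agent's logwatch section; verify against the deployed file.
logwatch:
  enabled: yes
  # Assumption: the newer event log API is what lets the agent read
  # "Applications and Services" channels such as the one below.
  vista_api: yes
  logfile:
    # Before: only warning/critical records are sent. The RDP connection
    # manager channel logs almost everything as informational, so nothing
    # reaches the forwarding rule.
    # - 'microsoft-windows-terminalservices-remoteconnectionmanager/operational': warn context

    # After: send every record from this channel, with context lines,
    # so connection events are available for forwarding.
    - 'microsoft-windows-terminalservices-remoteconnectionmanager/operational': all context
```

With the level set to `all`, every record in the channel is sent, so any filtering down to the events of interest has to happen in the forwarding rules on the monitoring server.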