Hi,
I am evaluating Checkmk and Zabbix and I have a question about Windows event log monitoring. After reading, I concluded that the best approach seems to be to use the Event Console and filter on the Checkmk side. The monitoring server just has 4 GB of RAM, a quad-core CPU and a disk of 60 GB, which is more than sufficient for our use case (with no log monitoring).
Question 1: If I just want to monitor specific events and drop all the others, that is possible in Checkmk, I believe, and the other logs would not get stored in the database?
Question 2: Is it possible to filter the contents of the logs? What I mean by this: in Zabbix I can create rules to monitor specific event IDs. Let's say a new highly privileged account has been created; I can filter out the new account name and who created it and display that on my console.
Is this possible in Checkmk?
Thanks in advance