Windows EventLog

MarioC.Datek · December 4, 2024, 7:21pm

Hello.

I have another monitoring issue and I need to monitor windows events, I know how to configure to monitor it from the event console, but is it possible to monitor only one event per ID without having to enable the syslog in checkmk or configure the “event rules”?

I have made several tests with the “Finetune Windows Eventlog monitoring” rule and with the “logfile patterns” rule, I have modified the file “C:\ProgramData\checkmk\agent\check_mk.user.yml” and in no case I have been able to get something clear.

PetraH · December 5, 2024, 8:46am

Hi @MarioC.Datek,

in this KB article you can find how to configure the monitoring of Evantlogs using the Event Console:

https://checkmk.atlassian.net/wiki/spaces/KB/pages/9473844/Monitoring+Windows+security+log+with+the+CMK+Event+Console+rule+logwatch

You can use this as a template to generate a more detailed one, by using specific regex for looking of the Eventlogs.

Regards,
Petra

MarioC.Datek · December 30, 2024, 8:08am

it is just what I needed! thank you very much Petra