Werk #3106: windows agent: added support for new eventlog types introduced with windows vista / server 2008
Component | Checks & agents |
Title | windows agent: added support for new eventlog types introduced with windows vista / server 2008 |
Date | Mar 22, 2016 |
Checkmk Edition | Checkmk Raw (CRE) |
Checkmk Version | 1.4.0i1 |
Level | Trivial Change |
Class | New Feature |
Compatibility | Compatible - no manual interaction needed |
The new eventlogs introduced in windows vista / windows server 2008 can only be accessed through a new api introduced in that same version. To allow this agent to work with older windows versions, the api used can be toggled through the configuration file and, for compatibilty, defaults to the old style. To enable the new api, set "vista_api = yes" in the logwatch section. This only changes the api, it doesn't automatically enable additional logs (there could be hundreds). Instead you can manually activate the new-style logs with a line like this (again in the logwatch section): "logname Microsoft-Windows-GroupPolicy/Operational = warn" The correct name to use for the logs can be found in windows through the Properties-Window of a log.