Werk #3106: windows agent: added support for new eventlog types introduced with windows vista / server 2008

Component

Checks & agents

Title

windows agent: added support for new eventlog types introduced with windows vista / server 2008

Date

Mar 22, 2016

Level

Trivial Change

Class

New Feature

Compatibility

Compatible - no manual interaction needed

Checkmk versions & editions

1.4.0i1 Not yet released	Checkmk Raw (CRE), Checkmk Enterprise (CEE), Checkmk MSP (CME)
1.4.0i1 Not yet released	Checkmk Raw (CRE), Checkmk Enterprise (CEE), Checkmk MSP (CME)
1.4.0i1 Not yet released	Checkmk Raw (CRE), Checkmk Enterprise (CEE), Checkmk MSP (CME)
1.4.0i1 Not yet released	Checkmk Raw (CRE), Checkmk Enterprise (CEE), Checkmk MSP (CME)
1.4.0i1 Not yet released	Checkmk Raw (CRE), Checkmk Enterprise (CEE), Checkmk MSP (CME)
1.4.0i1 Not yet released	Checkmk Raw (CRE), Checkmk Enterprise (CEE), Checkmk MSP (CME)
1.4.0i1 Not yet released	Checkmk Raw (CRE), Checkmk Enterprise (CEE), Checkmk MSP (CME)
1.4.0i1	Checkmk Raw (CRE), Checkmk Enterprise (CEE), Checkmk MSP (CME)

The new eventlogs introduced in windows vista / windows server 2008 can only be accessed through a new api introduced in that same version. To allow this agent to work with older windows versions, the api used can be toggled through the configuration file and, for compatibilty, defaults to the old style. To enable the new api, set "vista_api = yes" in the logwatch section. This only changes the api, it doesn't automatically enable additional logs (there could be hundreds). Instead you can manually activate the new-style logs with a line like this (again in the logwatch section): "logname Microsoft-Windows-GroupPolicy/Operational = warn" The correct name to use for the logs can be found in windows through the Properties-Window of a log.

To the list of all Werks