Https://www.zabbix.com/documentation/2.2/manual/config/items/itemtypes/zabbix_agent/win_keys
Proc_info[<process>,<attribute>,<type>]
Process -Process Name
attribute -requested Processattribute.
type -representation type (meaningful when more than one process with the same name exists)
The following attributes is currentlysupported:
vmsize-Size of processvirtual memory in Kbytes
Wkset-Size of Process workingset (amount of physical memory used by process) in Kbytes
PF-Number of page faults
Ktime-Process Kernel Time inmilliseconds
Utime-Process User Time Inmilliseconds
io_read_b-Number of bytesread by process during I/O operations
Io_read_op-Number of readoperation performed by process
Io_write_b-Number of Byteswritten by process during I/O operations
Io_write_op-Number of writeoperation performed by process
Io_other_b-Number of bytestransferred by process during operations other than read and write operations
Io_other_op-Number of i/ooperations performed by process, other than read and write operations
Gdiobj-Number of GDI objectsused by process
Userobj-Number of userobjects used by process
Valid types is:
min-Minimal value among allprocesses named <process>
Max-maximal value among allprocesses named <process>
avg-average value for allprocesses named <process>
sum-Sum of values for allprocesses named <process>
Examples:
Proc_info[iexplore.exe,wkset,sum]-To get the amount of physical memory Takenby all Internet Explorer processes
PROC_INFO[IEXPLORE.EXE,PF,AVG]-To get the average number of page faults forinternet Explorer processes
Note that on a 64-bit system, a 64-bit Zabbix agent is required for the itemto work correctly.
Note:io_*, gdiobj and Userobj attributes is available only on Windows 2000and later versions of Windows, No on Windows NT 4.0.
Service_state[*]
0-running
1-paused
2-start pending
3-pause pending
4-continue pending
5-stop pending
6-stopped
7-unknown
255-no such service
Services[<type>,<state>,<exclude>]
type -One of all (default), Automatic, manual, disabled
State-one of the all (default), stopped, started, start_pending, stop_pending, running, Continue_pending,pause_ Pending, paused
exclude -List of services toexclude it from the result.
Excluded services should is written in double quotes, separated by comma,without spaces.
This parameter are supported starting with Zabbix 1.8.1.
Examples:
Services[,started]-List of started services
Services[automatic, stopped]-list of stopped services, that should be run
Services[automatic, stopped, "Service1,service2,service3"]-list ofstopped services, that should be run, excluding Servic Es with names Service1,service2 and Service3
Wmi.get[<namespace>,<query>]
namespace -WMI namespace
Query -WMI query returning Asingle object
This key was supported starting with Zabbix 2.2.0.
Examples:
Wmi.get[root\cimv2,select status from Win32_DiskDrive where Name like '%physicaldrive0% ']-Returns the status of the first Physical Disk
Eventlog[name,<regexp>,<severity>,<source>,<eventid>,<maxlines>,<mode>]
name-Name of event log
RegExp-Regular expressiondescribing the required pattern
severity-Regular expressiondescribing severity
The parameter accepts the following values:
"Information", "Warning", "Error", "Critical", "Verbose" (since Zabbix2.2.0Running on Windows vistaor newer)
In older Zabbix versions running on all Windows version it would be "information", "Warning", "Error", "Failure Audit", "Su Ccess Audit ".
Source-Regular expressiondescribing source identifier (regular expression is supported since Zabbix2.2.0)
EventID-Regular Expressiondescribing The event identifier (s)
Maxlines-Maximum number ofnew lines per second the agent would send to Zabbix server or proxy. Thisparameter overrides the value of ' Maxlinespersecond ' inzabbix_agentd.win.conf
Mode -Possible values:
All (default), skip (Skip processing of olderdata).
The mode parameter is supportedsince Zabbix 2.0.0.
The item must is configured as an Active Check .
Examples:
Eventlog[application]
Eventlog[security,, "Failure Audit",, ^ (529|680) $]
Eventlog[system,, "warning| Error "]
Eventlog[system,,,, ^1$]
Eventlog[system,,,, @TWOSHORT]-here's a custom regular expression named twoshort is referenced (Definedas a Result is TRUE type, theexpression itself being ^1$|^70$).
"Windows Eventing 6.0" is supported since Zabbix 2.2.0.
Monitoring Windows Services
This tutorial provides step-by-step instructions for setting up themonitoring of Windows services. It is assumed this Zabbix server and Agent areconfigured and operational.
To monitor the Up/down status of a service need to perform thefollowing steps:
Step 1
Get the service name.
You can get this name by going to the Services MMC and bringing up theproperties of the service. The General tab is should see a field called ' Service name '. The value that follows is the name of you would use when setting Upan item for monitoring.
For example, if you wanted to monitor the "workstation" service then Yourservice might be: lanmanworkstation.
Step 2
Configure an item for monitoring the service, with:
Key : service_state[lanmanworkstation]
Type of Information : Numeric (unsigned)
Show Value : Select the Windows service State Value mapping
This article is from "Moonlight Blast" blog, please be sure to keep this source http://skykws8023.blog.51cto.com/4514277/1597389
Zabbix monitoring Windows-related keys