Track the creation of new entities, updates to the existing configuration, and potential intrusion attempts with Zabbix audit log.

If your monitoring environment is managed by more than a single administrator, it can become hard to track the implemented changes and additions. Having a detailed audit log can help you analyze any potentially unwanted changes and detect potential intrusion attempts.

Use Zabbix audit log to track changes in your environment:

  • Track configuration changes and updates
  • Audit log displays information about Zabbix server and frontend operations
  • Identify potential intrusion attempts and their source
  •  Filter the audit log by action and resource types

Check out the video to learn how to track changes in Zabbix audit log.

How to track changes in Zabbix audit log:

  1. Navigate to Administration  General  Audit log
  2. Enable and configure your Zabbix audit log settings
  3. Perform a failed login attempt
  4. Check the related entries under Reports  Audit log
  5. Navigate to Configuration →  Hosts
  6. Import hosts or templates from a YAML file
  7. Check the related entries under Reports  Audit log
  8. Filter the entries by the Recordset ID
  9. Navigate to Configuration  Hosts
  10. Find a host with a low-level discovery rule on it
  11. Execute the low-level discovery rule
  12. Check the related entries under Reports  Audit log
Tips and best practices
  • Audit logging should be enabled in the Administration settings to collect audit records
  • Audit log entry storage period can be defined under Administration → General → Audit log
  • Each audit log entry belongs to a Recordset ID which is shared by entries created as a result of the same operation
  • auditlog.get API method can be used to obtain audit log entries via the Zabbix API
Notify of
Inline Feedbacks
View all comments
Would love your thoughts, please comment.x