WindowsEventID Monitoring

This board serves as an open discussion and support collaboration point for Nagios XI. NOTE: Nagios XI customers should use the Customer Support forum to obtain expedited support.

Re: WindowsEventID Monitoring

Post by scottwilkerson » Wed Sep 04, 2019 6:52 am

Change this line
allow_nasty_meta_chars = 1

to this
allow nasty characters = 1


and then restart nsclient++
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.

Re: WindowsEventID Monitoring

Post by grayloglearn » Wed Sep 04, 2019 11:05 pm

Finally it's working for me. Just want to check with you: if we add the below line, what does nsclient consider?

allow_nasty_meta_chars = 1



I am just attaching the lines to help someone who wants to monitor the event ID. Hope this will help at least one.

How to enable the Event ID monitor using check_nrpe for windows server

Event ID monitoring for Windows via check_nrpe
1) Install nsclient on Windows, and while installing nsclient select the check_nrpe check box.
2) Go to the nsclient.ini file and add the below.

[/settings/NRPE/server]
allow arguments = 1
allow_nasty_meta_chars = 1

The nsclient version I have used is 0.4.4.
Open ports 5666, 12489 from Windows.

Now check the communication from the server to the remote Windows server. Use the below command to check whether check_nrpe will work or not.

root@ip-XXXXX:/usr/local/nagios/libexec# ./check_nrpe -H 172.31.89.249
I (0.4.4.23 2016-04-05) seem to be doing fine

3) Then check the event log/ID which you want to monitor.
The below is the screenshot I want to monitor.

I want to monitor Event ID 7023; for that, use the below command.

./check_nrpe -H 172.31.89.249 -c check_eventlog -a "scan-range=-1500m" "file=System" "warn=count>0" "crit=none" "filter=(id='7023' AND source='Service Control Manager') AND level in('error', 'warning')"

-c check_eventlog: It's an inbuilt command with check_nrpe.
-a scan-range: It will check the last 1500 min (it depends on how many of the last minutes you want).
file=System: You can see in the screenshot that LogName is System (if you want to monitor Application give application, or for Security give security).
warn=count>0: If in the last 1500 min any event with ID 7023 is generated more than 0 times, meaning at least 1.
"crit=none": If there is no critical.
"filter=(id='7023' AND source='Service Control Manager') AND level in('error', 'warning')": It will filter on Event ID 7023 and the source, which in the screenshot is Service Control Manager, and the level is either error or warning; you can see the level in the below screenshot.


I checked it; it's working fine.
root@ip-XXXXx:/usr/local/nagios/libexec# ./check_nrpe -H 172.31.89.249 -c check_eventlog -a "scan-range=-1500m" "file=System" "warn=count>0" "crit=none" "filter=(id='7023' AND source='Service Control Manager') AND level in('error', 'warning')"
WARNING: 1/1 System Service Control Manager (The IP Helper service terminated with the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.)|'count'=1;0;0
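An added example, not part of the thread and not NSClient++ code: a small audit of the [/settings/NRPE/server] block posted above, showing what the two relaxed settings permit and which arguments of the posted check_eventlog command are the ones that need them. The function names are hypothetical, and the flagged character set is an assumption taken from NSClient++'s description of the "allow nasty characters" option.

```python
import configparser

# Constructed sample: the [/settings/NRPE/server] block posted above.
SAMPLE_INI = """\
[/settings/NRPE/server]
allow arguments = 1
allow_nasty_meta_chars = 1
"""
# Arguments of the check_eventlog command posted above.
SAMPLE_ARGS = ["scan-range=-1500m", "file=System", "warn=count>0", "crit=none",
               "filter=(id='7023' AND source='Service Control Manager') "
               "AND level in('error', 'warning')"]

NRPE = "/settings/NRPE/server"
LEGACY = {"allow_nasty_meta_chars": "allow nasty characters"}  # per the reply above
NASTY = set("|`&><'\"\\[]{}")  # assumption: set named in NSClient++'s option help
TRUE = {"1", "true"}


def audit(ini_text):
    """Return (severity, message) findings for the NRPE server section."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(ini_text)
    nrpe = dict(cp[NRPE]) if cp.has_section(NRPE) else {}
    # configparser lower-cases option names, so lookups below are lower-case.
    findings = [("warn", f"'{old}': the reply in this thread replaces it with '{new}'")
                for old, new in LEGACY.items() if old in nrpe]
    args_on = nrpe.get("allow arguments", "0").strip().lower() in TRUE
    nasty_on = nrpe.get("allow nasty characters", "0").strip().lower() in TRUE
    if args_on and nasty_on:
        findings.append(("high", "remote callers may pass arguments containing "
                                 "shell metacharacters; restrict allowed hosts"))
    elif args_on:
        findings.append(("info", "remote callers may pass check arguments"))
    return findings


def nasty_args(args):
    """Map each argument to the flagged characters it contains."""
    hits = {a: sorted(set(a) & NASTY) for a in args}
    return {a: chars for a, chars in hits.items() if chars}


if __name__ == "__main__":
    for sev, msg in audit(SAMPLE_INI):
        print(f"[{sev}] {msg}")
    for arg, chars in nasty_args(SAMPLE_ARGS).items():
        print(f"needs 'allow nasty characters': {chars} in {arg}")
```

On the posted configuration the audit reports the old key spelling plus argument passing; once the key is renamed as in the first reply, both relaxations are active and the finding becomes "high", which is the state to pair with a tight allowed hosts list.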

Re: WindowsEventID Monitoring

Post by scottwilkerson » Thu Sep 05, 2019 8:29 am

grayloglearn wrote: Now check the communication from the server to the remote Windows server. Use the below command to check whether check_nrpe will work or not.

root@ip-XXXXX:/usr/local/nagios/libexec# ./check_nrpe -H 172.31.89.249
I (0.4.4.23 2016-04-05) seem to be doing fine


This is the expected response.

This all appears to be working properly.