Monitoring the Windows Event Log


Postby amitgupta19 » Tue Jul 23, 2019 11:38 am

I am using the Nagios Core 4.4.3 on CentOS.

I have got the requirement to monitor the Windows Event Log.

Can anyone guide me on how to do it using NSClient++?

I know that we can do it using the Nagios Log Server as well. Can you also point me to any document which has all the details to achieve this using the Nagios Log Server?
amitgupta19
 
Posts: 180
Joined: Fri Sep 08, 2017 5:53 am

Re: Monitoring the Windows Event Log

Postby scottwilkerson » Tue Jul 23, 2019 1:04 pm

As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
scottwilkerson
DevOps Engineer
 
Posts: 15780
Joined: Tue Nov 15, 2011 3:11 pm
Location: Nagios Enterprises

Re: Monitoring the Windows Event Log

Postby amitgupta19 » Wed Jul 24, 2019 6:52 am

I have a requirement to search for only some specific Event IDs.

After going through the documentation for NSClient, I could not find how to implement it.

Which script do I need to download to my Nagios server?

What command should I use?

Can you guide me?
amitgupta19
 
Posts: 180
Joined: Fri Sep 08, 2017 5:53 am

Re: Monitoring the Windows Event Log

Postby scottwilkerson » Thu Jul 25, 2019 6:29 am

In the "Checking for specific messages" section here
https://docs.nsclient.org/reference/windows/CheckEventLog/#checking-for-specific-messages

You can see you can apply a filter and specify an id which corresponds to the event id
check_eventlog "filter=provider = 'Microsoft-Windows-Security-SPP' and id = 903"


or you could use just something like the following where the event id you want to use is 903
check_eventlog "filter=id = 903"
scottwilkerson
DevOps Engineer
 
Posts: 15780
Joined: Tue Nov 15, 2011 3:11 pm
Location: Nagios Enterprises

Re: Monitoring the Windows Event Log

Postby amitgupta19 » Tue Jul 30, 2019 6:34 am

Hi Scott,

Thanks for your response.

When I try to run the command manually, it gives the following error:

[xxxxxxxxx@cblnagios01 libexec]$ ./check_nrpe -H xxxxxxxx -p 5666 -c checkeventlog "filter=id=7002"
No file specified try adding: file=Application

If you can suggest what command I should write in the commands.cfg file and the services.cfg file, that would be great.
amitgupta19
 
Posts: 180
Joined: Fri Sep 08, 2017 5:53 am

Re: Monitoring the Windows Event Log

Postby amitgupta19 » Wed Jul 31, 2019 7:02 am

Can anyone look into it?
amitgupta19
 
Posts: 180
Joined: Fri Sep 08, 2017 5:53 am

Re: Monitoring the Windows Event Log

Postby benjaminsmith » Wed Jul 31, 2019 3:02 pm

Hi @amitgupta19 ,
Can anyone look into it?

The command doesn't look quite right, try running:
./check_nrpe -H xxxxxxxx -p 5666 -c check_eventlog - a "filter=id=7002"

Let me know if you get it working.
Be sure to check out our Knowledgebase for helpful articles and solutions!
benjaminsmith
 
Posts: 1469
Joined: Wed Aug 22, 2018 4:39 pm
Location: saint paul

Re: Monitoring the Windows Event Log

Postby amitgupta19 » Thu Aug 01, 2019 7:27 am

Please find the update here:
The error remains the same.

[xxxxxxx@cblnagios01 libexec]$ ./check_nrpe -H xxxxxxxx -p 5666 -c check_eventlog - a "filter=id=7002"
No file specified try adding: file=Application
amitgupta19
 
Posts: 180
Joined: Fri Sep 08, 2017 5:53 am

Re: Monitoring the Windows Event Log

Postby benjaminsmith » Thu Aug 01, 2019 3:39 pm

Hello @amitgupta19

It's working on my system.


It looks like there was an extra space in front of the a in the last command. My apologies, can you try it again?
./check_nrpe -H xxxxxxxx -p 5666 -c check_eventlog -a "filter=id=7002"
benjaminsmith
 
Posts: 1469
Joined: Wed Aug 22, 2018 4:39 pm
Location: saint paul

Re: Monitoring the Windows Event Log

Postby amitgupta19 » Mon Aug 05, 2019 7:26 am

Hi Benjamin,

Thanks for the clarification. I have typed the whole command instead of copying and pasting. Now it is giving a different error:

[xxxxxxxx@cblnagios01 libexec]$ ./check_nrpe -H 172.16.xxx.xxx -p 5666 -c check_eventlog -a "filter=id=7002"
Exception processing request: Request contained arguments (not currently allowed, check the allow arguments option).
amitgupta19
 
Posts: 180
Joined: Fri Sep 08, 2017 5:53 am
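
Added example, not part of any post in this thread: the last error comes from the NSClient++ NRPE server refusing arguments sent with check_nrpe -a. The nsclient.ini sketch below shows the two usual ways to handle that on the Windows agent; the address 192.0.2.10 and the alias name alias_event_7002 are placeholders made up for illustration.

```ini
; nsclient.ini on the monitored Windows host (constructed example, not the poster's file)

[/modules]
NRPEServer = enabled
CheckEventLog = enabled
CheckExternalScripts = enabled

[/settings/default]
; Only the Nagios server may talk to the agent (placeholder address).
allowed hosts = 192.0.2.10

; --- Option A: accept arguments passed with check_nrpe -a ---
[/settings/NRPE/server]
; Off by default; this is the "allow arguments option" named in the error.
; With it on, any allowed host can choose the parameters of every command.
allow arguments = true
; Keep rejecting characters such as | ` & > < ' " \ [ ] { } in arguments.
; Note: "filter=id = 7002" passes this check, but the provider filter from
; the thread contains single quotes and would be refused.
allow nasty characters = false

; --- Option B: leave "allow arguments" off and fix the query on the agent ---
[/settings/external scripts/alias]
; Hypothetical alias name; the filter is the one used in the thread.
; If the agent reports "No file specified", add file=Application as the
; error text in the thread suggests.
alias_event_7002 = check_eventlog "filter=id = 7002"
; Called from the Nagios server without -a:
;   ./check_nrpe -H <host> -p 5666 -c alias_event_7002
```

Option B keeps the agent from accepting remote parameters at all, which is the tighter setting when only a few fixed event IDs need watching. Restart the NSClient++ service after editing the file.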
