Monitoring the Windows Event Log

Re: Monitoring the Windows Event Log

Postby scottwilkerson » Thu Aug 08, 2019 10:35 am

Let's add the following to your nsclient.ini:
Code:
; Section for the EventLog Checker (CheckEventLog.dll).
[/settings/eventlog]

; BUFFER_SIZE - The size of the buffer to use when getting messages; this affects the speed and maximum size of messages you can receive.
buffer size = 131072

; LOOKUP NAMES - Lookup the names of eventlog files
lookup names = 1

; DEBUG - Log more information when filtering (useful to detect issues with filters) not useful in production as it is a bit of a resource hog.
debug = 0

; Section for NRPE active/passive check module.
[/settings/NRPE/client]

; CHANNEL - The channel to listen to.
channel = NRPE


Restart NSCP.

Then run the command again like this:
Code:
./check_nrpe -H xxx.xxx.xxx.xxx -p 5666 -c check_eventlog -a "filter=id=4003"
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
scottwilkerson
DevOps Engineer
 
Posts: 15796
Joined: Tue Nov 15, 2011 3:11 pm
Location: Nagios Enterprises

Re: Monitoring the Windows Event Log

Postby amitgupta19 » Thu Aug 08, 2019 12:04 pm

Hi Scott,

Thanks for the update.

Still the error remains the same.
[amgupta@cblnagios01 libexec]$ ./check_nrpe -H xxx.xxx.xxx.xxx -p 5666 -c check_eventlog -a "filter=id=4003"
No file specified try adding: file=Application
amitgupta19
 
Posts: 180
Joined: Fri Sep 08, 2017 5:53 am

Re: Monitoring the Windows Event Log

Postby scottwilkerson » Thu Aug 08, 2019 12:28 pm

In trying to decipher this issue a little further, I used your nsclient.ini file and was able to make the command work on my system as specified. The only difference is that I have a slightly newer version of NSClient++.

Code:
[root@localhost nagiosxi]# /usr/local/nagios/libexec/check_nrpe -H 192.168.xxx.xxx -c check_eventlog -a "filter=id=4003"
OK: No entries found|'count'=0;0;5
[root@localhost nagiosxi]# /usr/local/nagios/libexec/check_nrpe -H 192.168.xxx.xxx
I (0.4.4.23 2016-04-05) seem to be doing fine...
scottwilkerson
DevOps Engineer
 
Posts: 15796
Joined: Tue Nov 15, 2011 3:11 pm
Location: Nagios Enterprises

Re: Monitoring the Windows Event Log

Postby amitgupta19 » Fri Aug 09, 2019 7:03 am

Thanks Scott

One more difference is that I have Nagios Core 4.4.3 and you have Nagios XI. Hope that it does not matter.

I have updated the NSClient to the latest version.

Now the error has changed:

[amgupta@cblnagios01 libexec]$ ./check_nrpe -H 172.23.xxx.xxx
CHECK_NRPE: (ssl_err != 5) Error - Could not complete SSL handshake with 172.23.xxx.xxx: 1
amitgupta19
 
Posts: 180
Joined: Fri Sep 08, 2017 5:53 am

Re: Monitoring the Windows Event Log

Postby scottwilkerson » Fri Aug 09, 2019 7:17 am

Let's try modifying the [/settings/NRPE/server] section of the config to the following:

Code:
[/settings/NRPE/server]
ssl options = no-sslv2,no-sslv3
verify mode = none
insecure = true
use ssl = 1
allow nasty characters = 1
allow arguments = 1
port = 5666
scottwilkerson
DevOps Engineer
 
Posts: 15796
Joined: Tue Nov 15, 2011 3:11 pm
Location: Nagios Enterprises

Re: Monitoring the Windows Event Log

Postby amitgupta19 » Mon Aug 12, 2019 7:30 am

Hi Scott,

Finally I am able to get the required result.
Thanks for your support.
My requirement is to check only the System log for Event ID 7002 every 30 minutes or 1 hour.

Can you suggest this, please?
amitgupta19
 
Posts: 180
Joined: Fri Sep 08, 2017 5:53 am

Re: Monitoring the Windows Event Log

Postby scottwilkerson » Mon Aug 12, 2019 7:40 am

You would set up a normal Nagios service definition for this check, and set the following in the object to 30 or 60:
Code:
check_interval           30
scottwilkerson
DevOps Engineer
 
Posts: 15796
Joined: Tue Nov 15, 2011 3:11 pm
Location: Nagios Enterprises
