Windows Event Logs monitoring

Support forum for Nagios Core, Nagios Plugins, NCPA, NRPE, NSCA, NDOUtils and more. Engage with the community of users including those using the open source solutions.
Locked
s.diwakar1
Posts: 44
Joined: Thu Feb 27, 2020 9:45 am

Windows Event Logs monitoring

Post by s.diwakar1 »

Hi All,

Hope you are doing well !!!

I am using check_nt plugin to monitor my windows machines. Now, I want to monitor event logs on my windows machine, for which I want to use check_nrpe plugin. Is it possible to use both plugins at the same time using a nsclient++ agent on different port?

If yes, please guide me to do so.

Thanks in advance!!!
Thanks & Regards,
Diwakar Sharma
gormank
Posts: 1114
Joined: Tue Dec 02, 2014 12:00 pm

Re: Windows Event Logs monitoring

Post by gormank »

You should be able to use both plugins at the same time to talk to nsclient without changing anything. Just create the new check with check_nrpe.
User avatar
mcapra
Posts: 3739
Joined: Thu May 05, 2016 3:54 pm

Re: Windows Event Logs monitoring

Post by mcapra »

s.diwakar1 wrote:Is it possible to use both plugins at the same time using a nsclient++ agent on different port?
Yes. Within your nsclient configuration file. You can configure NSClient++ with a NRPE server (to receive check_nrpe requests) using the NRPEServer block:
https://docs.nsclient.org/reference/client/NRPEServer/

While stiil maintaining a separate NSClientServer for check_nt:
https://docs.nsclient.org/reference/win ... entServer/
Former Nagios employee
https://www.mcapra.com/
s.diwakar1
Posts: 44
Joined: Thu Feb 27, 2020 9:45 am

Re: Windows Event Logs monitoring

Post by s.diwakar1 »

Hi @gormank, @mcapra,

Thanks for your reply!

Actually, I want to monitor some Event IDs (ex. given below) and want to get an email when any of these event occurred.

4624/4625 Logon success/failure.
4648 Logon specifying alternate credentials.
4672 Special privilege assigned to new logon, check for Privilege level, SID, Username, and Domain.
4673 Sensitive Privilege Use.

Can you please help me to set up the monitoring as per my requirements?

Thanks in advance!
Thanks & Regards,
Diwakar Sharma
Locked