
Windows Event Logs monitoring

Posted: Fri Sep 17, 2021 11:36 am
by s.diwakar1
Hi All,

Hope you are doing well !!!

I am using the check_nt plugin to monitor my Windows machines. Now, I want to monitor event logs on my Windows machine, for which I want to use the check_nrpe plugin. Is it possible to use both plugins at the same time using an NSClient++ agent on a different port?

If yes, please guide me to do so.

Thanks in advance!!!

Re: Windows Event Logs monitoring

Posted: Fri Sep 17, 2021 1:13 pm
by gormank
You should be able to use both plugins at the same time to talk to nsclient without changing anything. Just create the new check with check_nrpe.

Re: Windows Event Logs monitoring

Posted: Fri Sep 17, 2021 2:15 pm
by mcapra
s.diwakar1 wrote: Is it possible to use both plugins at the same time using a nsclient++ agent on different port?
Yes, within your nsclient configuration file. You can configure NSClient++ with an NRPE server (to receive check_nrpe requests) using the NRPEServer block:
https://docs.nsclient.org/reference/client/NRPEServer/

While still maintaining a separate NSClientServer for check_nt:
https://docs.nsclient.org/reference/win ... entServer/

Re: Windows Event Logs monitoring

Posted: Fri Oct 01, 2021 10:13 pm
by s.diwakar1
Hi @gormank, @mcapra,

Thanks for your reply!

Actually, I want to monitor some Event IDs (examples given below) and want to get an email when any of these events occurs.

4624/4625 Logon success/failure.
4648 Logon specifying alternate credentials.
4672 Special privilege assigned to new logon, check for Privilege level, SID, Username, and Domain.
4673 Sensitive Privilege Use.

Can you please help me to set up the monitoring as per my requirements?

Thanks in advance!
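
An added configuration sketch, not posted by anyone in this thread, showing the setup mcapra describes (NSClientServer and NRPEServer side by side) together with an event log check for the Event IDs listed above. It assumes the NSClient++ 0.4+ ini layout; the allowed host address, the alias name and the exact filter expression are assumptions to check against the check_eventlog reference for the installed version.

```ini
; Constructed nsclient.ini sketch; addresses and names are placeholders.

[/modules]
; NSClientServer keeps answering check_nt, NRPEServer answers check_nrpe.
NSClientServer = enabled
NRPEServer = enabled
; CheckEventLog provides check_eventlog; CheckExternalScripts provides aliases.
CheckEventLog = enabled
CheckExternalScripts = enabled

[/settings/default]
; Accept connections only from the Nagios server (placeholder address).
allowed hosts = 192.0.2.10

[/settings/NSClient/server]
; Default check_nt port.
port = 12489

[/settings/NRPE/server]
; Default check_nrpe port.
port = 5666
; Keep remote arguments off: the query is fixed in the alias below, so the
; monitoring server can only trigger it, not change what the agent runs.
allow arguments = false
allow nasty characters = false

[/settings/external scripts/alias]
; Hypothetical alias name. Looks back one hour in the Security log and goes
; critical when any listed Event ID is found. 4624 and 4672 are written on
; routine logons, so with them included this check will almost always fire;
; narrow the filter before wiring it to notifications.
alias_security_events = check_eventlog file=security scan-range=-1h "filter=id = 4624 or id = 4625 or id = 4648 or id = 4672 or id = 4673" "crit=count > 0"

; On the Nagios server (host name is a placeholder):
;   check_nrpe -H <windows-host> -c alias_security_events
```

The email itself comes from the normal Nagios notification settings on the service that runs this check_nrpe command.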