NSClient++ and CheckEventLog

[lmiltchev]

This doesn't seem like a typical NSClient++ install... There is no nsclient.ini (or NSC.ini), nsclient.log, etc. What is the NSClient++ version? Can you run the following command on your nagios server against the Windows box and show us the output?

Code: Select all

./check_nt -H <client ip> -p 12489 -s <password> -v CLIENTVERSION

Where is the config file?

[bryceee]

This is the old version of client we are currently running which is nsclient from 2008 I think

[slansing]

I don't see anything in there that deals with event log checking, unfortunately. Besides that, those nrpe checks are against .exe files, which I have no way of determining the output of myself, the output has surely changed since 2008 though.

[bryceee]

Yeah thats what I was afraid of.

Are there any other clients for monitoring windows servers?

[bryceee]

Okay I have it displaying what I want

I have use the following command
# Check EventLog
define command{
command_name check_eventlog
command_line $USER1$/check_nrpe -H $HOSTADDRESS$ -p 5666 -t 30 -c CheckEventLog -a filter file=application MaxWarn=1 MaxCrit=1 "filter=generated lt -1h AND severity NOT IN ('success', 'informational')" unique descriptions "syntax=%source% {EventID %id%}[%severity%](Count=%count%)^MDate:%generated%^M%message%^M"
}

The only issue I am having is its not emailing me when there are warnings/criticals. It displays them in the console but I dont get an email.
I get emails if the host services or the host is down.

This is what I have the server setup with on nagios

#Define a service to "Check EventLog System"
define service{
use generic-service
host_name MELSPLUNK01
service_description Event Log
check_command check_eventlog
}

in my templates the generic-service is configured as follows
# Generic service definition template - This is NOT a real service, just a template!

define service{
name generic-service ; The 'name' of this service template
active_checks_enabled 1 ; Active service checks are enabled
passive_checks_enabled 1 ; Passive service checks are enabled/accepted
parallelize_check 1 ; Active service checks should be parallelized (disabling this can lead to major performance problems)
obsess_over_service 1 ; We should obsess over this service (if necessary)
check_freshness 0 ; Default is to NOT check service 'freshness'
notifications_enabled 1 ; Service notifications are enabled
event_handler_enabled 1 ; Service event handler is enabled
flap_detection_enabled 1 ; Flap detection is enabled
process_perf_data 1 ; Process performance data
retain_status_information 1 ; Retain status information across program restarts
retain_nonstatus_information 1 ; Retain non-status information across program restarts
is_volatile 0 ; The service is not volatile
check_period 24x7 ; The service can be checked at any time of the day
max_check_attempts 3 ; Re-check the service up to 3 times in order to determine its final (hard) state
normal_check_interval 60 ; Check the service every 10 minutes under normal conditions
retry_check_interval 30 ; Re-check the service every two minutes until a hard state can be determined
contact_groups admins ; Notifications get sent out to everyone in the 'admins' group
notification_options w,u,c,r ; Send notifications about warning, unknown, critical, and recovery events
notification_interval 60 ; Re-notify about service problems every hour
notification_period 24x7 ; Notifications can be sent out at any time
register 0 ; DONT REGISTER THIS DEFINITION - ITS NOT A REAL SERVICE, JUST A TEMPLATE!
}


I appreciate the hepl
Bryce

[Box293]

The only issue I am having is its not emailing me when there are warnings/criticals. It displays them in the console but I dont get an email.
I get emails if the host services or the host is down.

Are the members of the contact group "admins" allowed to receive warning and critical alerts?