NCPA Agent 1.7 - WIndows Log Monitoring

[krobertson71]

I see in the 1.7 series release notes that Windows log file monitoring was enabled.

I see see in the API tree on a test host that Logs[] is there, but displays no data like Process or Services does.

I have combed through the documentation and Google and cannot seem to find an answer.

How would I query the Application log of my test Windows machine? http://testmachine:5693/api/logs/??????token=mytoken...

Nothing is working.

Forgot to add
Running NagiosXI2014.r1.4
Redhat Enterprise 6


Thanks for any information on this.

Kris Robertson
Duke Clinical Research Institute

[krobertson71]

Also noticed the agent was installing as a 32 bit agent on a 64 bit Windows 2008 r2 server.

I thought the NCPA 1.72 agent was cross platform, from the look of the 32bit/64bit graph, and contain both 32 bit and 64 bit libraries.

The agent is installing to the Program Files (x86) directory. I think this would prevent it from reading 64 bit formated log systems.

Just and idea. Any feedback on this issue is greatly appreciated.

Kris Robertson , New Customer
Duke Clinical Research Inistitute

[sreinhardt]

The actual path location of ncpa should not be dictating which version you actually get, but I can certainly check to make sure it is installing the 64 bit binary and not a 32bit version. As for log monitoring, this is planned, but I do not believe the full implementation made it to 1.7.2, and hence why it appears empty to you at this time.

[krobertson71]

The actual path location of ncpa should not be dictating which version you actually get, but I can certainly check to make sure it is installing the 64 bit binary and not a 32bit version. As for log monitoring, this is planned, but I do not believe the full implementation made it to 1.7.2, and hence why it appears empty to you at this time.

Thank you for responding.

I was starting to believe this was the case.

Still wonder why it was listed in the release notes for 1.7.0

1.7.0 - 07/29/2014

Added full tests for NRDP
Added realtime graphs
Added Windows Event Log monitoring
......

[krobertson71]

On the same note.

Is there a really good solution for log monitoring in Windows for Nagios XI. I know there is a binary you can install, but this is cludgy at best with C++ errors thrown during install and is also developed by a single person, which has it's own levels of concern.

There is NSClient++, which is nice, but the NCPA agent with the API interface opens up all kinds of doors for external intergrations, like status information on Sharepoint sites, etc...

Are there plans for the NCPA to me more robust in this area? I know here a Duke we monitor Windows logs on many servers. I am starting to get concerned around this issue as we are getting closer to a production implementation, replacing Foglight. The tool is exceptional is so many other areas but this one. We are saving over 120k a year by swithcing and still maintaining the same level, if not better in some, of functionality that we had in Foglight.

I supposed we could do something with Logstash but that would be a work around.

Just curious.

I will be attending the conference in St. Paul in October and will definately be going to the Log Monitoring in Nagios talk.

[scottwilkerson]

@krobertson71 - 2 weeks and 25 minutes from now, in my Log Monitoring talk at the Nagios World Conference in St. Paul I will have exactly what you are looking for, and all the necessary information.

I cannot give any further details than that at this time, except to say it will solve all you log monitoring needs...

Log Monitoring and Log Management With Nagios

[lmiltchev]

Are there plans for the NCPA to me more robust in this area?

Not in a near future, however it is possible.

I will be attending the conference in St. Paul in October and will definately be going to the Log Monitoring in Nagios talk.

I am sure you will enjoy the "Log Monitoring and Log Management With Nagios" talk. We look forward to seeing you at the conference.

[WillemDH]

Hello,

I'm looking forward to more log monitoring options. At this moment I'm using real-time eventlog monitoring from NSClient++ 0.4.1.101, which is sending all errors to Nagios XI, excluding filtered events. The nsclient config file is being generated and updated automatically every time a new event is excluded with the new exclusions. All the exclusions are stored in a sql db.

Grtz

Willem

[lmiltchev]

@WillemDH

I believe it's important to have more options (choices) besides NagEventLog agent and NSClient++ for event log monitoring. BTW, how is the "real-time eventlog monitoring" with NSClient++ working for you? Do you want to share any pros and cons?

[krobertson71]

@krobertson71 - 2 weeks and 25 minutes from now, in my Log Monitoring talk at the Nagios World Conference in St. Paul I will have exactly what you are looking for, and all the necessary information.

I cannot give any further details than that at this time, except to say it will solve all you log monitoring needs...

Log Monitoring and Log Management With Nagios

I look forward to attending your talk and meeting you.