Windows Eventlog Monitoring issue

[ajayy]

hi there,

I am trying to set up the Windows Eventlog plugin on nagiosxi and I cant see any monitoring options to configure. Please look into this and guide me what I am missing here

I did follow the documentation part and I have nageventlog running without any problems?

I want to monitor system, application and security log event on my host machine ..

Please help

Thanks

[nscott]

Just as a quick response, did you follow this doc for setting up the monitoring?

http://assets.nagios.com/downloads/nagi ... entLog.pdf

[ajayy]

I have configured the NSCA agent on Nagios XI server .. Followed the document "Using NSCA With XI" in which I have not touched the bit which says Client installation at the bottom

then Installed nagEventLog on windows machine-- configured the nsca

When setting up the Windowsevent log wizard on nagios xi server, i have seen no monitoring options to configure which I dont understand

please help

thanks

[ajayy]

hi nscott,

I actually been through the NSCA pdf file step by step again .. I forgot to comment out the only_file line

Now i can get the response on nagios xi server,I observed this by doing "generate test Event" on nageventlog client for Application Log

however another question which I have is How do we make the critical issues(red color) to OK(Green) on nagiosxi server. I did acknowledge the event but still it says Critical hence all i want to know is in a live environment if nagios event log detects something indicating critical errors(red color), when we work on those errors and resolve them "will the nagios detect the changes automatically?" or "do we have to do anything for that particular event to be OK(green) on nagiosxi?"

[mguthrie]

Acknowledging a problem will temporarily disable notifications for a host or service until the problem is resolved. If the check is entirely passive, you could send a passive result with an "OK" state through the Service Details->Advanced(tab). Look for the link that says "send passive result".

[matt631]

If the check is entirely passive, you could send a passive result with an "OK" state through the Service Details->Advanced(tab). Look for the link that says "send passive result".

The windows event log wizard is only capable of reporting/displaying passive event results.. Correct?

[agriffin]

No, the Windows Eventlog wizard will set up an active check which periodically queries the Windows machine for new events.

[matt631]

Thanks for clarifying. I must be missing something however as I'm still unclear how nagios can monitor the event log.

I'll attempt to write how I believe it works (you can laugh at my terrible misunderstanding) and then hopefully I'll come out a happy man after some assistance

After setting up the nsca client on the relevant machine doing the behinds the scenes stuff above and running the event configuration wizard in nagiosxi by default Im left with it performing an active check that reports "no check results for service yet" my belief was that the nsca client pushes the check results to nagios therefore making it a passive check as far as nagios was concerned. Are you saying that nagios polls the nsca client for information on a schedule and reports errors if the returned output is different from last time? Therefore making it an active check. In addition how does nagios determine when a issue has been resolved. An active check would usually resolve when the system or service is back up but how can this be applied to an error in the event log. Once an event log issue has been investigated and we wanted to return status back to green Mguthrie suggested sending a passive result with an "OK" state through the Service Details->Advanced(tab)" this in turn did send the status green. But is this the right think to do considering your running an active check and not passive.

Finally if it's an active check should I not be able to configure the polling intervals?

If it's a passive check and I've just installed the event logging services in nagiosxi how will i usually rid myself of "no check results for service yet" and have my status change to green when a passive check will only ever report a failure

[matt631]

Can anyone advise me on my post above, myself and ajay are still alittle confused (just to clarify me and Ajay are from the same company trialing nagios).

Thanks
Matt

[agriffin]

I'd like to apologize for giving you incorrect information. I wasn't too familiar with monitoring Windows Eventlog, but I'm still not sure what made me think it was an active check. Anything using NSCA is a passive check. So your understanding of how it works is more or less correct.

Back to your problem. Nearly all the configuration magic happens on the Windows box through the Nagios EventLog Service Control Manager. Try running NagEvLogCtrl.exe on your Windows box to bring up the configuration interface. From here you can create your log filters. Nagios XI only needs to know the hostnames & names of the services it will be receiving information about; it doesn't need to know how to interpret the results it receives. So the blank Step 4 in the wizard is standard fare for passive checks and is nothing to worry about. Just make sure that in Step 3 of the wizard your EventLog service names match the names of the filters you set up on your Windows box.