I think I understand what you're looking for. First we need to know exactly how you would like to monitor it; there are two ways.
Active
- Nagios will reach out to the server at the specified check_interval and check the logs.
- There could be a delay using this since Nagios is reaching out to poll the server at your specified interval.
Passive
- You can use NSClient++'s real-time event logging that will immediately send an alert to Nagios if it detects an event log entry you're looking for.
If you want passive/real-time you should follow Willem's guide here:
http://outsideit.net/real-time-eventlog-monitoring/
Let me know which one you are looking to use and then I can go into more detail on what to do.
Command to check Windows logs
Re: Command to check Windows logs
Or we could sell you a license for Nagios Log Server and you could log all your Windows events and search them more easily, including dashboards and alerts sent via NRDP to Nagios or directly via email! 
Eric Loyd • http://everwatch.global • 844.240.EVER • @EricLoyd
I'm a Nagios Fanatic! • Join our public Nagios Discord Server!
Re: Command to check Windows logs
Quote: If you want passive/real-time you should follow Willem's guide here: http://outsideit.net/real-time-eventlog-monitoring/
If you are not able to configure real-time eventlog monitoring with my 'basic' guide, please let me know what is missing. Then I'll try to improve it.
Nagios XI 5.8.1
https://outsideit.net
Re: Command to check Windows logs
Sorry guys. I've been away for 2 weeks.
So, I created Windows event log using monitoring wizard and played around with the settings and have managed to get application event log to work. The other event logs are saying active checks are disabled for this service.
I'm guessing active checks shouldn't be enabled for these services as they're passive services?
Back to application event log where I've managed to get it to work. How do I report on a particular event ID in a case of either warning or critical?
Not sure if I'm on the right path.
Re: Command to check Windows logs
jamesc23 wrote: So, I created Windows event log using monitoring wizard and played around with the settings and have managed to get application event log to work
Can you show us the settings you defined to make it work?
jamesc23 wrote: How do I report on a particular event ID in a case of either warning or critical?
Re: Command to check Windows logs
So, I followed willemdh's guide and I ended up with getting the service I created earlier to work. At the moment it's not reporting on anything because I'm not sure what to do after this.
I'm guessing the check command isn't the correct one?
You do not have the required permissions to view the files attached to this post.
Re: Command to check Windows logs
That screenshot is a bit troubling - what Nagios XI version are you on? That screenshot typically only comes from very, very old systems, and an upgrade might be in order if that is the case.
Former Nagios employee
Re: Command to check Windows logs
Quote: So, I followed willemdh's guide and I ended up with getting the service I created earlier to work. At the moment it's not reporting on anything because I'm not sure what to do after this. I'm guessing the check command isn't the correct one?
Hello james,
My guide explains how to set up passive real-time monitoring. The majority of the config is in the nsclient.ini. Check_dummy is just used to reset the service after x time. Try to generate an event on the Windows server that is compliant with the filter you made. If possible, please also post your real-time config here.
And yes that screenshot looks like something I've never seen before. The new XI 5 is really worth upgrading to.
Grtz
Nagios XI 5.8.1
https://outsideit.net