NagEvLogCtrl Installation - Windows 2008 Server R2
Re: NagEvLogCtrl Installation - Windows 2008 Server R2
Thanks WillemDH for the link, it is very helpful.
Re: NagEvLogCtrl Installation - Windows 2008 Server R2
Hi,
Currently we are monitoring using the Patrol Windows event log application, which monitors all Windows event logs of registered sources by default, unless a source is mentioned in the exclusion list.
Windows Event log monitoring exclusion list (following sources must be excluded from event log monitoring). This is the template applied across all patrol windows servers.
Application events
"/PSX__P4WinSrvs/PWK__PKMforMSWinOS_config/EventLogMonitoring/Application/EventFilters/Summary/SourceList/list" = { MERGE = "BROWSER,Citrix SSL Relay,DataCollectionAgent,FRPrintService,MetaFrameEvents,UserEnv,Userenv,DSM,AdsmClientService,WebSphere MQ,VSS,MsiInstaller,Perflib,crypt32,Citrix System Monitoring Agent,ReInitAgent,PatrolAgent,COM+,.Net Runtime,.NET Runtime,Application Error,Application Hang,WinMgmt,Winlogon,Gemalto Access Client,Citrix HDX MediaStream for Flash,ESENT,Microsoft Office Document Imaging,Microsoft Office 11,Microsoft Office 12,Microsoft Office 12 Sessions,Microsoft-Windows-Perflib,Microsoft-Windows-WMI,Microsoft-Windows-User Profiles Service,HP System Management Homepage,SideBySide,VxSvc_sysprov,SmsClient,sshd,VxSvc_sysprov,SQLISPackage100,syslog-ng Agent,SQLISPackage110" }
System events
"/PSX__P4WinSrvs/PWK__PKMforMSWinOS_config/EventLogMonitoring/System/EventFilters/Summary/SourceList/list" = { MERGE = "BROWSER,DCOM,TermServDevices,TermService,Print,SAVOnAccessFilter,Cdm,NETLOGON,Service Control Manager,ClusSvc,ClusDisk,MRxSmb,Windows Update Agent,SAVOnAccessControl,SAVOnAccess,W32Time,Removable Storage Service,TermDD,Microsoft-Windows-GroupPolicy,Microsoft-Windows-DistributedCOM,Microsoft-Windows-TerminalServices-Printers,Microsoft-Windows-User Profiles Service,Schannel,UmrdpService,Gestion du stockage amovible" },
I want to perform the same in Nagios. Is this possible? If yes, can anyone please guide me through the steps to perform this?
It would be very helpful.
Thanks in advance
Regards,
Ranjit W
Re: NagEvLogCtrl Installation - Windows 2008 Server R2
The posted guide gives a few examples of setting up NSClient filters. However at this point I feel I need to mention that XI is not the tool for the job of log monitoring. This would be a fairly trivial task in Nagios Logserver, which we wrote specifically because of the clumsiness of third-party log parsing plugins. At a certain point we're likely to reach a limitation in NSClient or even XI itself that wouldn't be an issue in Logserver.
Not meaning to provide a sales pitch here, but it's the right technical solution to this problem.
Former Nagios employee
Re: NagEvLogCtrl Installation - Windows 2008 Server R2
Hi tcmdonald,
For my requirement is it possible to monitor using the available plugins ?
Regards,
Ranjit W
scottwilkerson
Re: NagEvLogCtrl Installation - Windows 2008 Server R2
You can do this with the info provided here, but it will take quite a bit of work, as @tmcdonald pointed out, because you will have to define the filters (like the examples on the website).
Re: NagEvLogCtrl Installation - Windows 2008 Server R2
The way I did it is like this: we start sending all errors to Nagios XI. If something does not need to be monitored, we add it to an MSSQL table which holds all the exclusions based on a combination of eventid, source and host, with a comment linked to a ticket. Nsclient.ini files on hosts with new exclusions are automatically updated with Nagios Reactor.
In the beginning it was quite noisy, but after some time (> 2 years now) we have almost no noise anymore and are catching some errors that any premade filter would never catch.
I did not release the script which assembles the exclusions in the nsclient.ini on the Nagios Exchange and I'm not planning to in the short term. It would just create too many questions and specific requests from users, and I'm getting enough questions already with my current Nagios Exchange portfolio.
So if you want to go this way you will need some scripting skills, preferably PowerShell, to create something similar yourself. Basically you just need something that adds
Code:
AND (id NOT IN (1030) OR source NOT IN ('Userenv'))
for each exclusion and replaces the id / source with the id / source in your exclusion list.
Grtz
Nagios XI 5.8.1
https://outsideit.net
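As an added example (not WillemDH's unreleased script and not part of the original thread), this PowerShell function builds the per-host exclusion clauses in the form shown in the post above, one clause per event id / source pair. The exclusion rows, the `'*'` all-hosts marker, the base filter, the ticket ids and the function name are assumptions; the code only returns the filter string and does not write nsclient.ini.

```powershell
# Constructed sample rows standing in for the exclusion table
# (event id, source, host, ticket). All values are hypothetical.
$Exclusions = @(
    [pscustomobject]@{ Id = 1030;  Source = 'Userenv';  ComputerName = '*';     Ticket = 'TICKET-0001' }
    [pscustomobject]@{ Id = 1058;  Source = 'Userenv';  ComputerName = 'SRV01'; Ticket = 'TICKET-0002' }
    [pscustomobject]@{ Id = 36888; Source = 'Schannel'; ComputerName = 'SRV02'; Ticket = 'TICKET-0003' }
    [pscustomobject]@{ Id = 1030;  Source = 'Userenv';  ComputerName = 'SRV01'; Ticket = 'TICKET-0004' } # duplicate pair
)

function Get-ExclusionClause {
    param(
        [Parameter(Mandatory)][object[]]$Exclusion,
        [Parameter(Mandatory)][string]$ComputerName
    )
    $seen = @{}
    foreach ($row in $Exclusion) {
        # Keep rows for this host, plus rows marked '*' (assumed to mean every host).
        if ($row.ComputerName -ne '*' -and $row.ComputerName -ne $ComputerName) { continue }

        $id     = [int]$row.Id          # throws if the id is not numeric
        $source = [string]$row.Source

        # Allow only characters seen in ordinary event source names. A quote or
        # line break in a table row would otherwise change the meaning of the
        # filter that ends up in the ini file.
        if ($source -notmatch '^[\w .+\-]+$') {
            throw "Unexpected character in source '$source' (ticket $($row.Ticket))"
        }

        # Emit each id/source pair once, even if several tickets list it.
        $key = "$id|$($source.ToLowerInvariant())"
        if ($seen.ContainsKey($key)) { continue }
        $seen[$key] = $true

        # Clause form taken from the post: hides only events matching BOTH id and source.
        "AND (id NOT IN ($id) OR source NOT IN ('$source'))"
    }
}

# Assumed base filter; substitute the filter the check already uses.
$BaseFilter = "level = 'error'"
$clauses    = Get-ExclusionClause -Exclusion $Exclusions -ComputerName 'SRV01'
$filter     = (@($BaseFilter) + @($clauses)) -join ' '
$filter
```

Because each clause matches an id and a source together, other events from the same source still raise alerts, which a source-only exclusion list would suppress.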
scottwilkerson
Re: NagEvLogCtrl Installation - Windows 2008 Server R2
Thanks for sharing your experience @WillemDH
Box293
Re: NagEvLogCtrl Installation - Windows 2008 Server R2
WillemDH wrote: I'm getting enough questions already with my current Nagios Exchange portfolio.
I know how you feel, every new project I create means more maintenance.