check_logfiles using NRDP to send individual alerts

[sannatar]

Dear forum,
I am using check_logfiles to monitor event id in windows servers. I get output for 10 errors, in a single msg like below,

CRITICAL - (7 errors, 1 warnings in eventid - server4.protocol-2016-04-07-10-13-44) - 2016-04-07T10:10:20 8128 Using 'xplog70.dll' version '2009.100.6000' to execute extended stored procedure 'xp_msver'. This is an informational message only; no user action is required. ...|winupdate_lines=7 winupdate_warnings=1 winupdate_criticals=7 winupdate_unknowns=0

I would need to individual alerts instead single alert for multiple event ids. For this I tried with nrdp, looks like it is not working. Could someone help with this.

Config file:

Code: Select all

$seekfilesdir = 'C:\\Program Files\\NSClient++\\log';
# where the state information will be saved.

$protocolsdir = 'C:\\Program Files\\NSClient++\\log';
# where protocols with found patterns will be stored.

$scriptpath = 'C:\\Program Files\\NSClient++\\scripts';
# where scripts will be searched for.
$MACROS = {
    CL_HOSTNAME => 'hostname',
    CL_NSCA_HOST_ADDRESS => 'nagios',
    CL_SERVICEDESC => 'WIN_EventID_Monitoring_Passive',
    CL_NSCA_PORT => 5667,
    CL_NSCA_TO_SEC => 60
};
@searches = ({
 tag => 'winupdate',
 type => 'eventlog',
 options => 'eventlogformat="%w src:%s id:%i %m",nosavethresholdcount',
 eventlog => {
 eventlog => 'application',
 include => { 
 eventid => '19019,17152,17664,8128,33090,17137,17573',

 },
 },
criticalpatterns => '.*',
options => 'script',
script => 'ps_nrdp.ps1',
scriptparams => '-url http://nagios/nrdp/ -token xxxxxxxxx -host $CL_HOSTNAME$ -service $CL_SERVICEDESC$ -state $CL_SERVICESTATEID$ -output "$CL_SERVICEOUTPUT$"',
});

Also could you let me know how to enable trace logs for check_logfiles. In Linux I used -d option and it worked, I tried the same here it is not creating any logs.

Thanks

[tmcdonald]

I am pretty sure that's just how that plugin works. You will either need to create multiple services, one for each ID, or use Nagios Logserver, which is much, much better suited for this task.

Can you please clarify what you mean by trace logs? Do you mean verbose plugin output?

[sannatar]

Hi,'

Thanks for your reply.

I am pretty sure that's just how that plugin works. You will either need to create multiple services, one for each ID, or use Nagios Logserver, which is much, much better suited for this task.

We have tested in our environment, For Linux server log monitoring using nrdp in the config file, which is alerting for individual error msg that is read from the log file. The same way I am expecting, with nrdp script in the config file for Windows event id monitoring using check_logfiles. Will that work in windows check_logfiles?

Can you please clarify what you mean by trace logs? Do you mean verbose plugin output?

Yes exactly. I would like to see the verbose messages.

[hsmith]

I'm not completely clear on what you're asking, but let me address some things:

With Nagios Log Server, you can have all of the log information sent to one database, and then query and alert based on the stored information.

As far as having different output for check_logfiles, you would have to reach out to the author of that plugin for help if you want to modify it.

Please let me know if I'm missing any of the information you're requesting.