Monitoring windows event viewer log.

[RIDS_I2MP]

Hi Team,

WE have a requirement to monitor the event viewer for errors.

Whenever a specific error is generated alert should be send to the required contact.

Is this possible using Nagios XI 2014R2.7.

[lmiltchev]

There are many ways of doing this. You will need to decide which one works the best for you (your environment/budget).

You could use NagEventLog with Nagios XI:
https://assets.nagios.com/downloads/nag ... entLog.pdf

You could also use the check_winevent plugin:
https://www.itefix.net/check_winevent

Probably a better solution would be to use real time event log monitoring with NSClient++ and Nagios XI:
https://www.medin.name/blog/2012/03/20/ ... -nsclient/
https://outsideit.net/real-time-eventlog-monitoring/

The best solution in my opinion would be to use the Nagios Log Server:
https://www.nagios.com/products/nagios-log-server/

Hope this helps.

[RIDS_I2MP]

Hi Team,

I have opted the second option i.e.

You could also use the check_winevent plugin:
https://www.itefix.net/check_winevent

I have mentioned below command under [external scripts] section in NSC.ini file of remote host and placed the check_winevent.exe file in scripts folder:
"check_error_logs=scripts\check_winevent --log application --source "NagiosEventLog" --window "30 minutes" --type error --code 0"

I am trying to monitor the event viewer logs from my nagios host but I am receiving attached error message.

Kindly let us the solution to fix the issue.

[bwallace]

This could be due to a missing component on the Windows machine. Go to event viewer and check the application event log for an entry with "sidebyside" or what ever corresponds to the error message you posted. There you should see what is missing or perhaps it will mention a conflict between components. If in any doubt, post the relevant entries from the application event log here.

For reference:
http://www.codeproject.com/Articles/436 ... -Incorrect
https://support.microsoft.com/en-us/kb/2525435

[lmiltchev]

The check_winevent.exe is a 3rd party plugin. We are not very familiar with it. I would recommend asking you question on the itefix.net support forum as they may be able to resolve your issue a lot faster:
https://www.itefix.net/forums/user-forum

We can also test the plugin in house to see if we will be able to recreate the issue.

Probably a better solution would be to use real time event log monitoring with NSClient++ and Nagios XI:
https://www.medin.name/blog/2012/03/20/ ... -nsclient/
https://outsideit.net/real-time-eventlog-monitoring/

There is a reason why I recommended the use a NSClient++ - it is a more popular solution. You can get more help if you get stuck. Besides, with the check_winevent.exe, you will still need to use NSClient++ with check_nrpe... You will be better off using only one of the two programs. Otherwise, it is just one more thing to install on your Windows server.

[RIDS_I2MP]

Hi team,

Please find the attachment regarding the side by side error.

Kindly let me know what needs to be installed or done to resolve this issue.

[rkennedy]

What architecture are you running on that machine, and what version of Windows?

Additionally, @WillemDH wrote a pretty good article about monitoring event logs on a windows system using NSClient++. You can find it here - https://outsideit.net/real-time-eventlog-monitoring/

[lmiltchev]

When you downloaded the "check_winevent-1.3.zip", in addition to the "check_winevent.exe" file, the zip contained a few directories (bin, cpworkrt, dll, doc, and lib). Copy all of them to the NSClient++ scripts directory.

Note: You may already have a "lib" directory in the scripts folder. Don't overwrite the "original" lib! Just copy the "\path\to\check_winevent-1.3\lib\vrt" directory to "C:\Program Files\NSClient++\scripts\lib".

Test your check again. Let us know if this helped.