Monitoring Windows Server 2008 Logs

This support forum board is for support questions relating to Nagios XI, our flagship commercial network monitoring solution.
m8r
Posts: 3
Joined: Wed May 16, 2012 9:40 am

Monitoring Windows Server 2008 Logs

Post by m8r »

I'm trying to monitor Windows event logs but have trouble with logs that have spaces in them. On my server, I'm running
./check_nrpe -H x.x.x.x -p 5666 ds_check

My ds_check on the server side is below. There is one log entry on 5/10/2012 with this event ID, so it should be grabbing:

ds_check=CheckEventLog file="directory service" MaxWarn=0 MaxCrit=1 "filter.eventID==2087 filter=in" truncate=1024 unique descriptions "syntax=%severity%: %source%: %message% (%count%)"

I ran this ds_check as a simple test to see if the alias worked because I had basically followed the syntax of this, which is working no problem:

eventid137=CheckEventLog file=system MaxWarn=0 MaxCrit=1 "filter.eventID==137 filter=in" truncate=1024 unique descriptions "syntax=%severity%: %source%: %id%: %message% (%count%)"

Regarding the Directory Service log, I've tried:

"file=directory service"
file="directory service"
file=directory\service
file=directory/service
"file=directory\service"
file="directory\service"
file="directory/service"
file="directory/service"

and basically any variation of quotes and back/forward slashes. Can event logs that have spaces in the names be monitored? I've also tried entering the direct full file path to the event log, to no avail.
scottwilkerson
DevOps Engineer
Posts: 19396
Joined: Tue Nov 15, 2011 3:11 pm
Location: Nagios Enterprises

Re: Monitoring Windows Server 2008 Logs

Post by scottwilkerson »

This topic on the NSClient++ site describes how to find the name needed:
http://www.nsclient.org/nscp/discussion/topic/408

Another one uses inject and it looks like they are wrapping the whole thing in quotes
http://nsclient.org/nscp/ticket/74

"file=Directory Service"
Former Nagios employee
m8r
Posts: 3
Joined: Wed May 16, 2012 9:40 am

Re: Monitoring Windows Server 2008 Logs

Post by m8r »

I'd already tried wrapping the file variable in quotes, which didn't work.
agriffin
Posts: 876
Joined: Mon May 09, 2011 9:36 am

Re: Monitoring Windows Server 2008 Logs

Post by agriffin »

Did you try following the steps in the first link swilkerson listed? You are possibly not specifying the correct name.

If that doesn't help, please list any errors you run into while experimenting, or what exactly goes wrong if there are no errors. You may have to check NSClient++'s or Nagios' log files for them.
m8r
Posts: 3
Joined: Wed May 16, 2012 9:40 am

Re: Monitoring Windows Server 2008 Logs

Post by m8r »

Yes, I did. That didn't do anything either. The log comes up as els.evtx, but that didn't do anything either. I don't know how to check the logs.
scottwilkerson
DevOps Engineer
Posts: 19396
Joined: Tue Nov 15, 2011 3:11 pm
Location: Nagios Enterprises

Re: Monitoring Windows Server 2008 Logs

Post by scottwilkerson »

Did you try it with inject as outlined by Michael Medin here?
http://nsclient.org/nscp/ticket/74