NSCA passive checkeventlog nagios xi

This support forum board is for support questions relating to Nagios XI, our flagship commercial network monitoring solution.
Locked
hlaten01
Posts: 15
Joined: Thu Feb 15, 2018 1:54 pm

NSCA passive checkeventlog nagios xi

Post by hlaten01 »

Hello everyone; I am try to do passive checks using nsca on NAgios XI with a windows 2016 servers for checkeventlog. I have the Nagios server setup correctly to except passive checks. All the firewall ports are open and I have the NSCA module loaded. I am running Nagios XI Version 5.5.7 on a VMware server. Here is the what I have configured from the nsclient.ini file;
[/modules]

; Undocumented key
CheckExternalScripts = 1

; Undocumented key
CheckHelpers = 1

; Undocumented key
CheckNSCP = 1

; Undocumented key
CheckDisk = 1

; Undocumented key
CheckSystem = 1

; Undocumented key
NSClientServer = enabled

; Undocumented key
NRPEServer = enabled

; NSCAClient - NSCA client can be used both from command line and from queries to submit passive checks via NSCA
NSCAClient = enabled

; CheckEventLog - Check for errors and warnings in the event log.
CheckEventLog = enabled


; TARGET - Target definition for: default
[/settings/NSCA/client/targets/default]

; ENCRYPTION - Name of encryption algorithm to use. Has to be the same as your server i using or it wont work at all.This is also independent of SSL and generally used instead of SSL. Available encryption algorithms are: none = No Encryption (not safe) xor = XOR des = DES 3des = DES-EDE3 cast128 = CAST-128 xtea = XTEA blowfish = Blowfish twofish = Twofish rc2 = RC2 aes128 = AES aes192 = AES aes = AES serpent = Serpent gost = GOST
encryption = none

; TARGET ADDRESS - Target host address
address = nagios.hidden.org
password = SAMEASONNAGIOSXI

; TIMEOUT - Timeout when reading/writing packets to/from sockets.
timeout = 90

; NSCA CLIENT SECTION - Section for NSCA passive check module.
[/settings/NSCA/client]

; HOSTNAME - The host name of the monitored computer. Set this to auto (default) to use the windows name of the computer. auto Hostname ${host} Hostname ${host_lc} Hostname in lowercase ${host_uc} Hostname in uppercase ${domain} Domainname ${domain_lc} Domainname in lowercase ${domain_uc} Domainname in uppercase
hostname = bftest02.this.is.correct

; CHANNEL - The channel to listen to.
channel = NSCA

; Real time filter: default - Definition for real time filter: default
[/settings/eventlog/real-time/filters/vmStatsProvider
alias = vmStatsProvider (I have this service defined)
log = Application
Error = id = 1
maximum age = 5m
ok syntax = "All ok : ${id}"

; Real-time filters - A set of filters to use in real-time mode
[/settings/eventlog/real-time/filters]


; Real-time monitoring - A set of options to configure the real time checks
[/settings/eventlog/real-time]
; REAL TIME CHECKING - Spawns a background thread which detects issues and reports them back instantly.
enabled = true
;STARTUP AGE - The initial age to scan when starting NSClient++
startup age = 5m
destination = NSCA
filter = id = 1 ;event ID

; REAL TIME CHECKING - Spawns a background thread which detects issues and reports them back instantly.
enabled = true

; STARTUP AGE - The initial age to scan when starting NSClient++
startup age = 3m

; LOGS TO CHECK - Comma separated list of logs to check
log = application

; CLIENT HANDLER SECTION -
[/settings/NSCA/client/handlers]

; REMOTE TARGET DEFINITIONS -
[/settings/NSCA/client/targets]


; INCLUDED FILES - Files to be included in the configuration
[/includes]


; Eventlog configuration - Section for the EventLog Checker (CheckEventLog.dll).
[/settings/eventlog]

; SYNTAX - Set this to use a specific syntax string for all commands (that don't specify one).
syntax = UNKNOWN

; DEBUG - Log more information when filtering (useful to detect issues with filters) not useful in production as it is a bit of a resource hog.
debug = false

; BUFFER_SIZE - The size of the buffer to use when getting messages this affects the speed and maximum size of messages you can recieve.
buffer size = 131072

; LOOKUP NAMES - Lookup the names of eventlog files
lookup names = true


; Script wrappings - A list of templates for defining script commands. Enter any command line here and they will be expanded by scripts placed under the wrapped scripts section. %SCRIPT% will be replaced by the actual script an %ARGS% will be replaced by any given arguments.
[/settings/external scripts/wrappings]

; Batch file - Command used for executing wrapped batch files
bat = scripts\\%SCRIPT% %ARGS%

; Visual basic script - Command line used for wrapped vbs scripts
vbs = cscript.exe //T:30 //NoLogo scripts\\lib\\wrapper.vbs %SCRIPT% %ARGS%

; POWERSHELL WRAPPING - Command line used for executing wrapped ps1 (powershell) scripts
ps1 = cmd /c echo If (-Not (Test-Path "scripts\%SCRIPT%") ) { Write-Host "UNKNOWN: Script `"%SCRIPT%`" not found."; exit(3) }; scripts\%SCRIPT% $ARGS$; exit($lastexitcode) | powershell.exe /noprofile -command -
Top
User avatar
cdienger
Support Tech
Posts: 5045
Joined: Tue Feb 07, 2017 11:26 am

Re: NSCA passive checkeventlog nagios xi

Post by cdienger »

It looks like you're missing the scheduler module/section that dictates when and what commands are run:

https://docs.nsclient.org/howto/nsca/
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
Top
Locked

Return to “Nagios XI”