NagiosXI and Windows Event Log Monitoring

[bapt2002]

Hi all I am a newbie to NagiosXI but not to Nagios Core. I currently evaluating XI among other solutions to determine the best option for my organization. The issue I am having is two fold.
1. The Windows clients are unable to connect to the nsca daemon on the server side. I have commented out the only from 127.0.0.1 entry on the server side but still no luck. Any idea what i could be missing? Oh I am using the tiral VmWare image with Nagiox XI 2011R2.4.
2. Is there a working x64bit eventlog agent?

Thanks in advance.

[yancy]

Have you configured NSCA in NagiosXI?

navigate to: http://nagiosip/nagiosxi/admin/

select inbound transfers, and next NSCA. Here your various security settings can be configured.

[yancy]

As a side comment, if your looking to passively monitor the event log, NRDS_win includes a plugin for monitoring the event log.

http://exchange.nagios.org/directory/Ad ... in/details

[bapt2002]

ok thanks I will give this a shot and will let you know the results.

[scottwilkerson]

Let us know when you get it setup.

[bapt2002]

Thanks. I was able to get this working but it doesn't really give me the log entry just that there was an error. Is there a way to have it send the actual log entry?

[yancy]

NRDS_win allows you define which ever plugins you'd like.

Here is a plugin that has more features:
http://exchange.nagios.org/directory/Ad ... ck/details

download it to your plugins directory
C:\Program Files (x86)\Nagios\NRDS_win\plugins

then add the plugin to your config.ini

[services]
elog = .\plugins\elog.exe

here is the default ouptut:
CRITICAL - UmrdpService(11:0:0);Service Control Manager(0:0:34);Microsoft-Windows-DNS-Client(0:2:0);EventLog(0:0:1);Windows Error Reporting(0:0:1);


Run elog.exe -h from the command line for a complete list of arguments.

[bapt2002]

Yancy thanks for your help and response. I actually found this one here that works pretty well. http://exchange.nagios.org/directory/Pl ... ed/details

The issue is now that i can get it to work with current nscleint++ 3.7 in the nsc.ini using external scipts but can't figure out how to get work with 4.0 and the new nsclient.ini format. Can someone help me figure out how to configure the nsclient.ini in v4 to run external scripts? Thanks in advance.

[yancy]

The new nsclient.ini should contain the following:

[/modules]
CheckExternalScripts = 1
NRPEServer = 1

[/settings/External Scripts]
event_log = Eventlog.exe <arguments>

[/settings/default]
allow arguments = 1

I haven't used Eventlog.exe but it looks like a good solution.

Also, we are in the process of releasing a new version of NRDS_win. It would be great if you had any feedback on what did and didn't work for you with NRDS_win.

Thanks!

[bapt2002]

I will give you feedback on NRDS shortly. I amde the changes as you suggested but now i get the following error.

Unknown
Request contained arguments (not currently allowed, check the allow arguments option).

See the ini entry below.
APPLog_WARN = eventlog.exe -e Application -t Warning -m 10 -i 21292,21421,21245,2011,1202,100,0,21423,2003,53258,1517,213