Monitoring the Windows Event Log
-
- Posts: 286
- Joined: Fri Sep 08, 2017 5:53 am
Monitoring the Windows Event Log
I am using Nagios Core 4.4.3 on CentOS.
I have a requirement to monitor the Windows Event Log.
Can anyone guide me on how to do it using NSClient++?
I know that we can do it using the Nagios Log Server as well. Can you also point me to any document which has all the details to achieve this using the Nagios Log Server?
-
- DevOps Engineer
- Posts: 19396
- Joined: Tue Nov 15, 2011 3:11 pm
- Location: Nagios Enterprises
Re: Monitoring the Windows Event Log
NSClient only can scan for pre-defined things, here is their documentation
https://docs.nsclient.org/reference/win ... kEventLog/
For Nagios Log Server, see this:
https://assets.nagios.com/downloads/nag ... Server.pdf
-
- Posts: 286
- Joined: Fri Sep 08, 2017 5:53 am
Re: Monitoring the Windows Event Log
I have a requirement to search only for some specific Event ID.
After going through the documentation for NSClient, I could not find how to implement it.
Which script do I need to download to my Nagios Server?
What command should I use?
Can you guide me?
-
- DevOps Engineer
- Posts: 19396
- Joined: Tue Nov 15, 2011 3:11 pm
- Location: Nagios Enterprises
Re: Monitoring the Windows Event Log
In the "Checking for specific messages" section here
https://docs.nsclient.org/reference/win ... c-messages
You can see you can apply a filter and specify an id which corresponds to the event id
check_eventlog "filter=provider = 'Microsoft-Windows-Security-SPP' and id = 903"
or you could use just something like the following where the event id you want to use is 903
check_eventlog "filter=id = 903"
-
- Posts: 286
- Joined: Fri Sep 08, 2017 5:53 am
Re: Monitoring the Windows Event Log
Hi Scott,
Thanks for your response.
When I try to run the command manually, it gives the following error:
[xxxxxxxxx@cblnagios01 libexec]$ ./check_nrpe -H xxxxxxxx -p 5666 -c checkeventlog "filter=id=7002"
No file specified try adding: file=Application
If you can suggest what command I should write in the commands.cfg file and the services.cfg file, that will be great.
-
- Posts: 286
- Joined: Fri Sep 08, 2017 5:53 am
Re: Monitoring the Windows Event Log
Can anyone look into it?
-
- Posts: 5324
- Joined: Wed Aug 22, 2018 4:39 pm
- Location: saint paul
Re: Monitoring the Windows Event Log
Hi @amitgupta19,
The command doesn't look quite right, try running:
./check_nrpe -H xxxxxxxx -p 5666 -c check_eventlog - a "filter=id=7002"
Let me know if you get it working.
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
Be sure to check out our Knowledgebase for helpful articles and solutions!
-
- Posts: 286
- Joined: Fri Sep 08, 2017 5:53 am
Re: Monitoring the Windows Event Log
Please find herewith the update:
Error remains the same.
[xxxxxxx@cblnagios01 libexec]$ ./check_nrpe -H xxxxxxxx -p 5666 -c check_eventlog - a "filter=id=7002"
No file specified try adding: file=Application
-
- Posts: 5324
- Joined: Wed Aug 22, 2018 4:39 pm
- Location: saint paul
Re: Monitoring the Windows Event Log
Hello @amitgupta19
It's working on my system.
It looks like there was an extra space in front of the a in the last command. My apologies, can you try it again?
./check_nrpe -H xxxxxxxx -p 5666 -c check_eventlog -a "filter=id=7002"
-
- Posts: 286
- Joined: Fri Sep 08, 2017 5:53 am
Re: Monitoring the Windows Event Log
Hi Benjamin,
Thanks for the clarification, I have typed the whole command instead of copying and pasting. Now it is giving a different error:
[xxxxxxxx@cblnagios01 libexec]$ ./check_nrpe -H 172.16.xxx.xxx -p 5666 -c check_eventlog -a "filter=id=7002"
Exception processing request: Request contained arguments (not currently allowed, check the allow arguments option).
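The "allow arguments" error in the last post refers to an option in the NSClient++ agent's NRPE server settings on the Windows host. The fragment below is an added example, not configuration posted by anyone in this thread; it shows that option next to a narrower alternative that pins the event ID filter on the agent so no arguments cross the network. The allowed host address and the alias name alias_event_7002 are assumptions.

```ini
; nsclient.ini on the monitored Windows host (constructed example)

[/modules]
CheckEventLog = enabled
CheckExternalScripts = enabled
NRPEServer = enabled

[/settings/default]
; Placeholder: only the Nagios server's address should be listed here
allowed hosts = 192.0.2.10

[/settings/NRPE/server]
; Option A: accept arguments sent with "check_nrpe ... -a".
; Every host in "allowed hosts" can then supply its own arguments to
; any check command, so keep the allowed hosts list tight.
allow arguments = true
; Keep shell metacharacters in arguments rejected
allow nasty characters = false

[/settings/external scripts/alias]
; Option B: set "allow arguments = false" above and fix the filter here.
; The Nagios server can only trigger this exact query.
; alias_event_7002 is a hypothetical alias name.
alias_event_7002 = check_eventlog "filter=id = 7002"
```

With option B the check is called without -a, for example ./check_nrpe -H xxxxxxxx -p 5666 -c alias_event_7002. The NSClient++ service has to be restarted after the file is edited.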