HowTo monitor Event Log using WMI

[BWNet]

Hi everybody.

I just setup NagiosXI using the 64bit VMWare image. I configured WMI on a Windows 2003 Enterprise Server which I want to monitor and added this server to NagioxXI using the "Windows WMI Monitoring Wizard". Everything works so far (CPU, RAM, HDD, Processes and Services) except monitoring the Event Log. I checked the boxes that were predefined in the Wizard and it installs ok. But when I generate Errors in the Event Log, the service checks always state "OK - 0 event(s) of at least Severity Level "Error", were recorded in the last 1 hours from the Application,1,1 Event Log."
Is there something I do wrong?

Thanks in advance,
Benjamin

[yancy]

BWNet,

Can you confirm the event log errors where generated in the application event log and not system or security. I believe only the events that are "Error" will trip a warning or critical on Nagios.

Regards,

[BWNet]

Hi,

yes I have Errors in both the Application and the System Event Log:

systemError.JPG

applicationError.JPG

But the Services Monitor doesn't show any errors:

applicationMonitor.JPG

The services are configured using this command generated by the WMI Wizard:
Application: check_xi_service_wmiplus!'wmiagent'!'wmiagent'!checkeventlog!-a 'Application,2,1' -w '1'
System: check_xi_service_wmiplus!'wmiagent'!'wmiagent'!checkeventlog!-a 'System,1,1' -w '1'

[yancy]

can you test the following from the command line:

/usr/local/nagios/libexec/check_wmi_plus.pl -H 192.168.5.99 -m checkeventlog -u administrator -p password -a system -o 2 -3 4

(replace ip address username and password with your own)

Regards,

[yancy]

BWNet,

I did some testing and it looks like there is an error in the default definition.

I posted some example on the FAQ:
http://support.nagios.com/wiki/index.ph ... _Log_Check

Let me know if this works for you.

Regards

[BWNet]

Hi,

sorry for the late reply, but I was on holidays for a few weeks.
It ALMOST works now...but I just found another problem. The System has the correct system time set, but an incorrect timezone setting. This leads to the problem that Nagios thinks, an error message generated a minute ago is already 7 hours old. I installed system-config-date (using yum install system-config-date oder a ssh session) to correct that. But when I try to run system-config-date, I get the following error message:

Code: Select all

Traceback (most recent call last):
  File "/usr/share/system-config-date/system-config-date.py", line 73, in <module>
    useGuiMode(page)
  File "/usr/share/system-config-date/system-config-date.py", line 46, in useGuiMode
    import scdMainWindow
  File "/usr/share/system-config-date/scdMainWindow.py", line 30, in <module>
    import gtk
  File "/usr/lib64/python2.6/site-packages/gtk-2.0/gtk/__init__.py", line 64, in <module>
    _init()
  File "/usr/lib64/python2.6/site-packages/gtk-2.0/gtk/__init__.py", line 52, in _init
    _gtk.init_check()
RuntimeError: could not open display

#

Is there anything I can do to prevent that?

Thanks,
Benjamin

[yancy]

Hi Benjamin,

The timezone issue doesn't seem related to WMI eventlog. Could you re-post your question under a new thread.


Thanks,

-Yancy