Event Logs monitoring for the windows

This support forum board is for support questions relating to Nagios XI, our flagship commercial network monitoring solution.
Locked
informatica
Posts: 99
Joined: Thu Jan 28, 2021 9:55 pm

Event Logs monitoring for the windows

Post by informatica »

Hi Team,

Could you please help us with how to enable event log monitoring for the reboot of Windows servers? We would like to monitor both the event log and the event ID.

We have installed NSClient on the Windows servers. If you have any document which has already been shared by somebody in the forum, please share it with us.
benjaminsmith
Posts: 5324
Joined: Wed Aug 22, 2018 4:39 pm
Location: saint paul

Re: Event Logs monitoring for the windows

Post by benjaminsmith »

Hi @informatica,

The path of least resistance here would be to use the built-in Windows Event Log Configuration Wizard in Nagios XI. Just go to Configure > Start Monitoring Now and search for Windows Event Log.

This Wizard does require NCPA to work but you can install both agents on the system.

https://assets.nagios.com/downloads/ncp ... g-NCPA.pdf

The other option would be to manually set up checks using NSClient. This is a third-party plugin; the documentation for CheckEventLog is available here:

https://docs.nsclient.org/reference/win ... kEventLog/

Hope that helps get you started, let us know if you have any more questions.
--Benjamin
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.

Be sure to check out our Knowledgebase for helpful articles and solutions!
informatica
Posts: 99
Joined: Thu Jan 28, 2021 9:55 pm

Re: Event Logs monitoring for the windows

Post by informatica »

I remember there is a Word document, already given by one of the user accounts in the Nagios forum, with step-by-step instructions for enabling Windows log/event monitoring.

Can you please provide the same?
benjaminsmith
Posts: 5324
Joined: Wed Aug 22, 2018 4:39 pm
Location: saint paul

Re: Event Logs monitoring for the windows

Post by benjaminsmith »

Hi @informatica,

Most of the forum posts are referencing the older method using NagEventLog (not recommended). We are now using NCPA in the Windows Event Log configuration wizard.

The NCPA documentation has an API reference for Windows Event Logs with more details beyond the wizard:
https://www.nagios.org/ncpa/help.php#api-modules-logs

Forum References for NCPA Event Logs
https://www.nagios.org/ncpa/help.php#api-modules-logs
https://support.nagios.com/forum/viewto ... =6&t=45881

Let me know if that helps get you started.
informatica
Posts: 99
Joined: Thu Jan 28, 2021 9:55 pm

Re: Event Logs monitoring for the windows

Post by informatica »

Hi Team,

We are using NSClient. Could you please provide the command for restart event ID and log monitoring?
lmiltchev
Bugs find me
Posts: 13589
Joined: Mon May 23, 2011 12:15 pm

Re: Event Logs monitoring for the windows

Post by lmiltchev »

I am not sure what document you are referring to, but here are a couple of places where you could get more information on Windows Event Log monitoring:

https://support.nagios.com/kb/article/l ... s-787.html

https://www.medin.name/blog/2012/03/20/ ... -nsclient/

I would also want to point out that NSClient++ is NOT one of our products. Many Nagios XI users have been running it over the years. However, we are moving away from it, and replacing it with NCPA, which is our product. It is actively developed, and more importantly, it is supported by us.

I would recommend that for any questions on monitoring Windows Event Logs via NSClient++ you contact the NSClient++ support.
optionstechnology
Posts: 234
Joined: Thu Nov 17, 2016 11:26 am

Re: Event Logs monitoring for the windows

Post by optionstechnology »

check_nrpe -H $HOSTADDRESS$ -c check_eventlog -a file=system show-all scan-range=-9h "crit=level='information'" "filter=level in ('information') AND id in (1074)" "top-syntax=${problem_list}" detail-syntax="%(message)"

(note this syntax is needed because the check ignores informational event logs by default)

Also make sure the CheckEventLog module is enabled
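
The check above, defined on the agent side as an added example (not posted by anyone in this thread): an nsclient.ini fragment that enables the CheckEventLog module and stores the event ID 1074 query as an alias, so the NRPE listener does not have to accept arguments or quote characters from the network. The alias name alias_reboot_events is hypothetical; the query is copied from the command above, and the section and key names are the standard NSClient++ ones.

```ini
; nsclient.ini on the monitored Windows server (added example)

[/modules]
; Module that provides check_eventlog
CheckEventLog = enabled
; NRPE listener that check_nrpe talks to
NRPEServer = enabled
; Needed for the alias section below
CheckExternalScripts = enabled

[/settings/NRPE/server]
; With the query stored as an alias, the listener can refuse
; caller-supplied arguments and shell metacharacters entirely.
; Passing the full query with -a, as in the command above, needs
; both of these set to true, which lets any host allowed to reach
; the listener supply its own arguments to every defined command.
allow arguments = false
allow nasty characters = false

[/settings/external scripts/alias]
; Hypothetical alias name; same query as the check_nrpe command above:
; System log, last 9 hours, informational events with ID 1074.
alias_reboot_events = check_eventlog file=system show-all scan-range=-9h "crit=level='information'" "filter=level in ('information') AND id in (1074)" "top-syntax=${problem_list}" "detail-syntax=%(message)"

; Nagios side, no -a needed:
;   check_nrpe -H $HOSTADDRESS$ -c alias_reboot_events
```

Restart the NSClient++ service after editing the file so the module and alias are loaded.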
lmiltchev
Bugs find me
Posts: 13589
Joined: Mon May 23, 2011 12:15 pm

Re: Event Logs monitoring for the windows

Post by lmiltchev »

Thank you @optionstechnology!