notification of a specific Event Viewer event

[gornm565]

We need to setup a Nagios alert that would notify us if a particular event occurs in the "System" Event Viewer Log in WIndows.
Event ID 2004
Provider Name="Microsoft-Windows-Resource-Exhaustion-Detector"

I am attaching a screen shot of the event. How do I go about setting that up? We would need an email notification immediately after the event occurs as usually all software starts to fail after this event.

Thank you.

[scottwilkerson]

If you have the NCPA agent on this server you can use the Windows Event Log monitoring wizard

[gornm565]

I don't have NCPA agent on it, so I am trying to install it. Where do I get the token to put into the token field? See attachment.

[scottwilkerson]

I don't have NCPA agent on it, so I am trying to install it. Where do I get the token to put into the token field? See attachment.

You get to choose this, but remember it as you will need it when you run the Wizard from Nagios XI. It is like a password/community string

[gornm565]

Are there any characters not allowed in the string? I used * and I think it broke it as the token is broken up in a few arguments

[ssax]

There shouldn't be any reserved characters in the NCPA agent configs but I assume when you say the token is broken up do you mean in the XI Core Config Manager?

Since the CCM uses ! as a separator in the configs you may need to escape the ! if there is one. That's usually the one that causes the $ARGn$ values to be split.

https://support.nagios.com/kb/article.php?id=580

Please send me a copy of your profile and let me know the hostname that you setup so I can see how it's configured, you can download it from Admin > System Profile by clicking the Download Profile button.