Monitoring Windows Event Logs

centwisit
Posts: 30
Joined: Thu Mar 14, 2013 8:59 am
Location: Wisconsin, USA

Monitoring Windows Event Logs

Post by centwisit »

I'm brand new to Nagios but I've got it up and running on Ubuntu 12.04. It is returning information on all the default checks for both localhost and the Windows servers I've added. I've spent the last day or so digging around trying to figure out how to get monitoring of Windows Event Logs and can't seem to figure it out. Is it a default part of Core or do I need to add a plugin? I feel like I'm missing something simple but if there is a thorough tutorial for monitoring Windows Event Logs I would really appreciate it if someone could hook me up.
slansing
Posts: 7698
Joined: Mon Apr 23, 2012 4:28 pm
Location: Travelling through time and space...

Re: Monitoring Windows Event Logs

Post by slansing »

One way that you could monitor Windows Event logs is through the Nag Event Log Monitor:

http://exchange.nagios.org/directory/Ad ... og/details

However, it is not one of our company-created agents, and the documentation we have for it is for Nagios XI and not Core, though there may be documentation out there floating around for integration with Core.
centwisit
Posts: 30
Joined: Thu Mar 14, 2013 8:59 am
Location: Wisconsin, USA

Re: Monitoring Windows Event Logs

Post by centwisit »

I've also been trying to get this to work: http://www.thedailyadmin.com/2010/08/ch ... agios.html.

Has anyone successfully used that format to monitor event logs or something similar?
slansing
Posts: 7698
Joined: Mon Apr 23, 2012 4:28 pm
Location: Travelling through time and space...

Re: Monitoring Windows Event Logs

Post by slansing »

You can most definitely use NSClient++ for event log monitoring as well, how are you getting along on this project?
centwisit
Posts: 30
Joined: Thu Mar 14, 2013 8:59 am
Location: Wisconsin, USA

Re: Monitoring Windows Event Logs

Post by centwisit »

Could be better. I've got the entries uncommented in the NSClient++ ini and I've added the checks to the commands.cfg file. I'm just not sure how to properly call them to have them display in Nagios.

I get the following errors in the Status Information when it tries to check...maybe because I'm not calling it correctly?
(Return code of 127 is out of bounds - plugin may be missing)
slansing
Posts: 7698
Joined: Mon Apr 23, 2012 4:28 pm
Location: Travelling through time and space...

Re: Monitoring Windows Event Logs

Post by slansing »

Can you show us how you are calling the plugins? Some examples of the event log check are located in the bottom portion of this document:

http://www.nsclient.org/nscp/wiki/Check ... k_eventlog
centwisit
Posts: 30
Joined: Thu Mar 14, 2013 8:59 am
Location: Wisconsin, USA

Re: Monitoring Windows Event Logs

Post by centwisit »

I've got the following in my commands.cfg file:

# Check the Windows System Log for Errors in the last hour
define command{
    command_name    check_eventlog
    command_line    $USER1$/check_nrpe -H $HOSTNAME$ -p 5666 -c CheckEventLog -a filter=new file="system" MaxWarn=1 MaxCrit=1 filter-generated=\<1h filter-eventType==error filter=in filter=all
}

I've got the following in my service_definitions.cfg file to call it:

define service{
    use                     generic-service
    host_name               "servername"
    service_description     Event Log
    check_command           check_eventlog
}
slansing
Posts: 7698
Joined: Mon Apr 23, 2012 4:28 pm
Location: Travelling through time and space...

Re: Monitoring Windows Event Logs

Post by slansing »

Sorry, I meant when you ran it manually, such as so:

Code: Select all

/usr/local/nagios/libexec/check_nrpe -H windows.server.ip. -p 5666 -c CheckEventLog -a filter=new file="system" MaxWarn=1 MaxCrit=1 filter-generated=\<1h filter-eventType==error filter=in filter=all
I receive the following output from one of my Server 2008 R2 boxes:

Code: Select all

Eventlog check ok|'eventlog'=0;1;1
Someone ran into this same issue and their resolution is at the bottom of the page, though it seems you have your command defined properly:

http://nsclient.org/nscp/discussion/topic/562
centwisit
Posts: 30
Joined: Thu Mar 14, 2013 8:59 am
Location: Wisconsin, USA

Re: Monitoring Windows Event Logs

Post by centwisit »

Ok, so when I run the check manually I get the following:

Code: Select all

Exception processing request: Request command contained illegal metachars!
slansing
Posts: 7698
Joined: Mon Apr 23, 2012 4:28 pm
Location: Travelling through time and space...

Re: Monitoring Windows Event Logs

Post by slansing »

You must enable the:

Code: Select all

allow_nasty_meta_characters
Option within the Windows server's NSClient/NSC.ini file, set the value to 1 for this line, and restart the NSClient++ service, then you should be good to go.
Locked
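
Added example, not part of the original thread: a small shell helper that shows which argument of the check_nrpe call above triggers the "illegal metachars" rejection. The character set is an assumption based on NRPE's default list (NSClient++ versions may differ), find_nasty_args is a hypothetical helper name, and the argument list is the one from the thread as it looks after the Nagios host's shell has removed the quoting.

```shell
#!/bin/sh
# Added example, not from the thread. find_nasty_args is a hypothetical helper.
# ASSUMPTION: NASTY_SET mirrors NRPE's default "nasty metachar" list
#   | ` & > < ' " \ [ ] { } ;
# (\047 = single quote, \042 = double quote, \\ = backslash, in tr notation).
NASTY_SET='|`&><\047\042\\[]{};'

# Print "<argument> -> <offending characters>" for each argument that
# contains a character from NASTY_SET.
# Returns 0 when all arguments are clean, 1 when at least one is flagged.
find_nasty_args() {
    rc=0
    for arg in "$@"; do
        # Delete every character that is NOT in the set; what is left
        # is exactly the characters the listener would object to.
        bad=$(printf '%s' "$arg" | tr -cd "$NASTY_SET")
        if [ -n "$bad" ]; then
            printf '%s -> %s\n' "$arg" "$bad"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed input: the -a arguments from the thread, written the way they
# reach the agent (the shell turns \<1h into <1h and "system" into system).
if find_nasty_args filter=new file=system MaxWarn=1 MaxCrit=1 \
        'filter-generated=<1h' filter-eventType==error filter=in filter=all
then
    echo "no nasty metacharacters: request passes the default filter"
else
    echo "flagged arguments need allow_nasty_meta_characters=1 on the agent"
fi
```

Only filter-generated=<1h is flagged, so the `<` comparison is what the listener refuses until allow_nasty_meta_characters is set to 1. That option admits every character in the set, not just `<`.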