Monitoring Windows Event Logs
-
josh.rodriguez
- Posts: 6
- Joined: Fri Jan 21, 2011 1:50 pm
Monitoring Windows Event Logs
Can anyone provide some documentation on Monitoring Windows Event Logs from Nagios XI?
Re: Monitoring Windows Event Logs
Hello Josh,
I have emailed you some information that will hopefully help. Please respond here if that is not quite what you are after or have any additional questions.
Thanks!
Re: Monitoring Windows Event Logs
We just created a new document that describes how to monitor event logs on Windows systems using the NagEventLog agent. A new monitoring wizard was just created for this as well.
You can read the step-by-step guide for monitoring event logs at:
http://library.nagios.com/library/produ ... -nagios-xi
Hope that helps.
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
Ethan Galstad
President
-
josh.rodriguez
- Posts: 6
- Joined: Fri Jan 21, 2011 1:50 pm
Re: Monitoring Windows Event Logs
Thanks. I will give this a try.
Re: Monitoring Windows Event Logs
Thank you and just contact us again if you require any additional assistance. 
-
josh.rodriguez
- Posts: 6
- Joined: Fri Jan 21, 2011 1:50 pm
Re: Monitoring Windows Event Logs
I have followed the step-by-step guide, and when I test the NSCA daemon I receive:
Error: could not connect to host 10.x.x.x on port 5667 (2)
I verified that the service is running and is not being blocked by a firewall.
Any ideas?
Re: Monitoring Windows Event Logs
You'll need to make sure you've added your client machine to the list of allowed hosts under xinetd.
Edit /etc/xinet.d/nsca and add your client machine to the list of allowed addresses, then restart xinetd.
Make sure your nsca password and encryption method are set on both the send_nsca.cfg (client) and the nsca.cfg (server).
http://library.nagios.com/library/produ ... -nagios-xi
-
josh.rodriguez
- Posts: 6
- Joined: Fri Jan 21, 2011 1:50 pm
Re: Monitoring Windows Event Logs
Thanks for the reply. I have done those things already.
Here is my nsca config:
# default: on
# description: NSCA (Nagios Service Check Acceptor)
service nsca
{
flags = REUSE
socket_type = stream
wait = no
user = nagios
group = nagios
server = /usr/local/nagios/bin/nsca
server_args = -c /usr/local/nagios/etc/nsca.cfg --inetd
log_on_failure += USERID
disable = no
only_from = 10.0.199.145
{
Also, password on the client (10.0.199.145) matches the nsca.cfg file.
Re: Monitoring Windows Event Logs
I noticed on the end there you have a "{", could you please invert that to a "}" (no quotes) if that is how it appears in the code. And respond with results?
Thank you.
-
josh.rodriguez
- Posts: 6
- Joined: Fri Jan 21, 2011 1:50 pm
Re: Monitoring Windows Event Logs
Made that change and still the same result.
{
flags = REUSE
socket_type = stream
wait = no
user = nagios
group = nagios
server = /usr/local/nagios/bin/nsca
server_args = -c /usr/local/nagios/etc/nsca.cfg --inetd
log_on_failure += USERID
disable = no
only_from = 10.0.199.145
}
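The checks suggested in the replies above (client listed in only_from, a well-formed stanza, matching password and encryption method on both sides) can be scripted. This is an added example, not part of the thread or of the Nagios documentation: the function names are hypothetical, the sample values are constructed, and it assumes the standard `password`, `decryption_method` (nsca.cfg) and `encryption_method` (send_nsca.cfg) keys.

```python
import ipaddress
import re

KV = re.compile(r"^[ \t]*(\w+)[ \t]*[+-]?=[ \t]*(.*?)[ \t]*$", re.M)

def settings(text):
    """Parse 'key = value' lines (xinetd '+=' too); '#' comment lines never match."""
    return dict(KV.findall(text))

def client_allowed(only_from, client_ip):
    """Handles exact IPs and CIDR entries; other only_from forms are skipped."""
    ip = ipaddress.ip_address(client_ip)
    for entry in only_from.split():
        try:
            if ip in ipaddress.ip_network(entry, strict=False):
                return True
        except ValueError:
            continue
    return False

def check_nsca(xinetd_text, nsca_cfg, send_nsca_cfg, client_ip, services=""):
    """Return a list of problems; an empty list means the files agree."""
    problems = []
    stanza = re.sub(r"#.*", "", xinetd_text)
    if stanza.count("{") != 1 or stanza.count("}") != 1:
        problems.append("xinetd stanza braces are unbalanced")
    attrs = settings(stanza)
    if "only_from" in attrs and not client_allowed(attrs["only_from"], client_ip):
        problems.append("client not in only_from")
    # Assumption: with no 'port' attribute, xinetd resolves 'nsca' via /etc/services.
    if "port" not in attrs and not re.search(r"^nsca\s+5667/tcp", services, re.M):
        problems.append("no port attribute and no nsca 5667/tcp services entry")
    srv, cli = settings(nsca_cfg), settings(send_nsca_cfg)
    if srv.get("password") != cli.get("password"):
        problems.append("password differs")  # the values are never printed
    if srv.get("decryption_method") != cli.get("encryption_method"):
        problems.append("encryption method differs")
    return problems

# Constructed sample input: a stanza whose closing line is "{" instead of "}".
SAMPLE_XINETD = """service nsca
{
    disable = no
    only_from = 10.0.199.145
{
"""
if __name__ == "__main__":
    print(check_nsca(SAMPLE_XINETD, "password=EXAMPLE\ndecryption_method=1",
                     "password=EXAMPLE\nencryption_method=1", "10.0.199.145",
                     "nsca 5667/tcp"))
```

Run it on the Nagios server with the real file contents read from disk; it reports only which setting disagrees, never the password itself.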