Search Windows log file

[BanditBBS]

Ok, I know and LOVE the check_logfiles from here: http://labs.consol.de/lang/en/nagios/check_logfiles/

That is working so great on my linux servers and I highly recommend it to anyone needing to search a *nix log.

I now need to search a log/txt/whatever file on a Windows server. I use WMI to do all my windows checks, no agent installed, and they'd prefer it to stay that way. With that being said, that means I can't use the above referenced plugin. Anyone have any experience doing it with WMI? is that something I can code into the ini for WMI?

Anyone....Anyone?

[abrist]

*crickets*
I was hoping a community member had an answer for you.
Are you trying to check event logs, or plain text log files?

[BanditBBS]

*crickets*
I was hoping a community member had an answer for you.
Are you trying to check event logs, or plain text log files?

Event log is easy using WMI.

I'm trying to check plain text files. The windows admins are going to have to let me install an agent, no way around that. Also, the log file checker I links in the first message supplies an EXE for windows, so I'm good now I think. Just need to get the agent installed.

[lmiltchev]

I am not sure if this can be done with WMI. If there is a WMI class that would enable you to scan Windows log files for specific patterns, that you could create an ini file check...
http://www.edcint.co.nz/checkwmiplus/?q ... ifilecheck

If this is not an option, I guess you can continue using check_logfiles. It should work on Windows.

Features
...
Windows – The plugin works with Unix as well as with Windows (e.g. with ActiveState Perl).

[BanditBBS]

OMG, I'm dying over here. These people just will not install an agent! I need to figure out a way to read a text file on a windows box, agentless! I am fresh out of ideas as WMI just queries WMI Classes, can't execute a file(that i know of).

[sreinhardt]

I'm sure they don't want to go this route either, but what about sharing the directories with these logs (maybe even symlinking them to a single dir) and allowing the nagios server to mount and check them locally. Less than ideal, yep, but it would work. Otherwise you might look into using nrds_win to passively check the logs and report back via nrds. this would at least only run via scheduled tasks and not be a constant daemon.

edit: in a more serious note than sharing these logs, what about adding the logs to windows event log? I'm sure there is a way to have the eventlog service monitor a flat file, so that you can check it.

[BanditBBS]

OMG OMG OMG OMG OMG OMG OMG OMG OMG OMG OMG OMG OMG OMG OMG OMG

http://secpod.org/blog/?p=661

Tested and works

EDIT: I'll have to copy the check_logfiles.exe to the server and execute it, but this is now agentless

[sreinhardt]

They will let you do that, but not install an agent? Where is your security group in all this, I assume this is using rpc calls to install\uninstall the service, but this is not something I would do personally. It's cool, but not my cup of tea.