Nagios Support Forum

Thanks WillemDH for the link, it is very helpful.

Hi ,

Currently we are monitoring using Patrol windows event log Application which monitors all Windows events logs of registered sources by default, Unless it is mentioned in the exclusion list.

Windows Event log monitoring exclusion list (following sources must be excluded from event log monitoring). This is the template applied across all patrol windows servers.

Application events


"/PSX__P4WinSrvs/PWK__PKMforMSWinOS_config/EventLogMonitoring/Application/EventFilters/Summary/SourceList/list" = { MERGE = "BROWSER,Citrix SSL Relay,DataCollectionAgent,FRPrintService,MetaFrameEvents,UserEnv,Userenv,DSM,AdsmClientService,WebSphere MQ,VSS,MsiInstaller,Perflib,crypt32,Citrix System Monitoring Agent,ReInitAgent,PatrolAgent,COM+,.Net Runtime,.NET Runtime,Application Error,Application Hang,WinMgmt,Winlogon,Gemalto Access Client,Citrix HDX MediaStream for Flash,ESENT,Microsoft Office Document Imaging,Microsoft Office 11,Microsoft Office 12,Microsoft Office 12 Sessions,Microsoft-Windows-Perflib,Microsoft-Windows-WMI,Microsoft-Windows-User Profiles Service,HP System Management Homepage,SideBySide,VxSvc_sysprov,SmsClient,sshd,VxSvc_sysprov,SQLISPackage100,syslog-ng Agent,SQLISPackage110" }

System events

"/PSX__P4WinSrvs/PWK__PKMforMSWinOS_config/EventLogMonitoring/System/EventFilters/Summary/SourceList/list" = { MERGE = "BROWSER,DCOM,TermServDevices,TermService,Print,SAVOnAccessFilter,Cdm,NETLOGON,Service Control Manager,ClusSvc,ClusDisk,MRxSmb,Windows Update Agent,SAVOnAccessControl,SAVOnAccess,W32Time,Removable Storage Service,TermDD,Microsoft-Windows-GroupPolicy,Microsoft-Windows-DistributedCOM,Microsoft-Windows-TerminalServices-Printers,Microsoft-Windows-User Profiles Service,Schannel,UmrdpService,Gestion du stockage amovible" },

I want to perform the same in Nagios is this possible ? If yes can anyone please guide me the steps to perform this ?

It would be very helpful.

Thanks in advance

The posted guide gives a few examples of setting up NSClient filters. However at this point I feel I need to mention that XI is not the tool for the job of log monitoring. This would be a fairly trivial task in Nagios Logserver, which we wrote specifically because of the clumsiness of third-party log parsing plugins. At a certain point we're likely to reach a limitation in NSClient or even XI itself that wouldn't be an issue in Logserver.

Not meaning to provide a sales pitch here, but it's the right technical solution to this problem.

Hi tcmdonald,

For my requirement is it possible to monitor using the available plugins ?

You can do this with the info info provided here but it will take a quite a bit of work as @tmcdonald pointed out because you will have to define the filters (like the examples on the website).

The way I did it is like this => We start sending all errors to Nagios XI. If something does not need to be monitored we add it to a MSSQL table which holds all the exclusions based on a combination of eventid, source and host with a comment linked to a ticket. Nsclient.ini files on hosts with new exclusions are automatically updated with Nagios Reactor.
In the beginning it was quite noisy, but after some time (> 2 years now) we almost have no noise anymore and are catching some errors that any premade filter would never catch.
I did not release the script which assembles the exclusions in the nsclient.ini on the Nagios Exchange and I'm not planning too in short terms. It would just create too much questions and specific requests from users and I'm getting enough questions already with my current Nagios Exchange portfolio.
So if you want to go this way you will need some scripting skills, preferably Powershell to create something similar yourself. Basically you just needs something that add
for each exclusion and replace the id / source with the id / source in your exclusion list.

Grtz

Thanks for sharing your experience @WillemDH

WillemDH wrote:I'm getting enough questions already with my current Nagios Exchange portfolio.

I know how you feel, every new project I create means more maintenance