Page 5 of 6

Re: Command to check Windows logs

Posted: Mon Oct 26, 2015 10:53 pm
by jamesc23
Hope the file provides enough details.

Thanks.

Re: Command to check Windows logs

Posted: Tue Oct 27, 2015 12:58 am
by Box293
Can you please post your most recent nsclient.ini file.

Re: Command to check Windows logs

Posted: Tue Oct 27, 2015 5:37 pm
by jamesc23
here it is.

Re: Command to check Windows logs

Posted: Wed Oct 28, 2015 1:08 am
by Box293
I believe this is your issue:

filter = level IN (error) AND (id IN (3006,3007)

It's missing a closing bracket at the end:

filter = level IN (error) AND (id IN (3006,3007))

Re: Command to check Windows logs

Posted: Wed Oct 28, 2015 7:52 pm
by jamesc23
Thanks. Unfortunately, it didn't make any difference.

Re: Command to check Windows logs

Posted: Thu Oct 29, 2015 1:13 am
by Box293
OK so I believe the reason why Willem's guide isn't working for you is because he is using NSClient 0.4.1.105 and you're using 0.4.3.143. Don't get me started on how frustrating it is that the developer makes major changes in functionality in minor version releases. If you're gonna re-write something, then start with a new module! /EndRant

However with a bit of playing I have something sort of working:

[/settings/eventlog/real-time/filters/RAID_Windows_Event]
log= application
filter=level =1
id= 3006,3007
severity= CRITICAL
ok message= Found no RAID related eventlogs last three days.
target= NSCA
maximum age= 3d

Using some Powershell commands you can insert an event into a log:
https://scompanion.wordpress.com/2012/0 ... owershell/

# Open the Application log and write under a custom source name
$evt=new-object System.Diagnostics.Eventlog("Application")
$evt.Source="Culham.net"
$evtNumber=3006
$evtDescription="This is a test event"
# EventLogEntryType::Error gives an Error-level entry, which is what the filter above looks for
$infoevent=[System.Diagnostics.EventLogEntryType]::Error
$evt.WriteEntry($evtDescription,$infoevent,$evtNumber)
# Written a second time so two matching events land in the log
$infoevent=[System.Diagnostics.EventLogEntryType]::Error
$evt.WriteEntry($evtDescription,$infoevent,$evtNumber)

I still think the filter I created above needs some work, however I was able to receive the events in Nagios XI - remember to check Admin > Monitoring Config > Unconfigured Objects.

Let us know how you go ... I've pulled enough hair out today :lol:

Re: Command to check Windows logs

Posted: Tue Nov 03, 2015 10:50 pm
by jamesc23
Thanks very much box293. Unfortunately, I still can't get it to work.

Changed codes to what you've provided.

[/settings/eventlog/real-time/filters/RAID_Windows_Event]
log= application
filter=level =1
id= 3006,3007
severity= CRITICAL
ok message= Found no RAID related eventlogs last three days.
destination= NSCA
maximum age= 3d

Re: Command to check Windows logs

Posted: Tue Nov 03, 2015 11:07 pm
by Box293
Are you able to submit an event using the powershell command, does it come through?

Re: Command to check Windows logs

Posted: Fri Nov 06, 2015 12:41 am
by jamesc23
Yep. Events go through using powershell. I can see them within event viewer.

Re: Command to check Windows logs

Posted: Fri Nov 06, 2015 3:38 pm
by ssax
This is taken from a working one that I've tested:

Try changing the necessary information, test it, and let us know.

Thank you

n1= NSCAClient

[/settings/NSCA/n1]
channel = NSCA1

[/settings/NSCA/n1/targets/default]
host=X.X.X.X
encryption=none
password=mypassword

; A set of options to configure the real time checks
[/settings/eventlog/real-time]

; DEBUG - Log missed records (useful to detect issues with filters) not useful in production as it is a bit of a resource hog.
debug = 0

; REAL TIME CHECKING - Spawns a background thread which detects issues and reports them back instantly.
enabled = true

; LOGS TO CHECK - Comma separated list of logs to check
log = application,system

; STARTUP AGE - The initial age to scan when starting NSClient++
startup age = 20m

; A set of filters to use in real-time mode
[/settings/eventlog/real-time/filters]

[/settings/eventlog/real-time/filters/default]

; DESTINATION - The destination for intercepted messages
;destination=NSCA

; MAXIMUM AGE - How long before reporting "ok" (if this is set to off no ok will be reported only errors)
;maximum age= 20m

; OK MESSAGE - This is the message sent periodically whenever no error is discovered.
ok message= eventlog found no records test default

; SYNTAX - Format string for dates
syntax=%type% %id% %source%: %message%

[/settings/eventlog/real-time/filters/Log_win_app_warning]
log= application
filter=level= 2 AND (id NOT IN (4,5))
severity= warning
ok message= Autoreset, found no records in application eventlog
target=NSCA1
maximum age= 20m
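As an added example (not NSClient++ code and not posted by anyone in this thread), here is a small Python evaluator for the filter expressions quoted above. It parses the same subset of syntax (field = value, IN, NOT IN, AND, brackets), rejects the first filter with its missing bracket instead of quietly matching nothing, and tells you which sample events each filter would match. The level numbers are an assumption: it treats error/warning/info as the Windows EventLogEntryType values 1/2/4, which is consistent with Box293's `level = 1` for Error events and ssax's `level = 2` for warnings.

```python
"""Evaluator for the NSClient++ filter subset used in this thread (added example)."""
import re

# Assumed: "level" compares against EventLogEntryType numbers (Error=1, Warning=2, Info=4).
LEVELS = {"error": 1, "warning": 2, "info": 4, "information": 4}

def parse_filter(text):
    """Parse a filter into a predicate over an event dict; a missing bracket raises."""
    toks = re.findall(r"\d+|\w+|\S", text) + ["<end>"]  # stray chars become tokens too
    peek = lambda: toks[0] if toks else None
    def take(expected=None):  # consume one token, optionally checking which one
        tok = toks.pop(0) if toks else None
        if tok is None or (expected and tok.upper() != expected.upper()):
            raise ValueError("expected %s, got %r" % (expected or "a token", tok))
        return tok
    def value():  # numbers stay numeric; named levels map to their number
        tok = take()
        return int(tok) if tok.isdigit() else LEVELS.get(tok.lower(), tok.lower())
    def expr():  # expr := term (AND term)*
        terms = [term()]
        while (peek() or "").upper() == "AND":
            take()
            terms.append(term())
        return lambda ev: all(t(ev) for t in terms)
    def term():  # term := '(' expr ')' | field '=' value | field [NOT] IN '(' v, ... ')'
        if peek() == "(":
            take("(")
            group = expr()
            take(")")
            return group
        field, op = take().lower(), take().upper()
        if op == "NOT":
            op = "NOT " + take("IN").upper()
        if op == "=":
            vals = {value()}
        else:
            take("(")
            vals = {value()}
            while peek() == ",":
                take(",")
                vals.add(value())
            take(")")
        return lambda ev: (ev.get(field) in vals) == (op != "NOT IN")
    predicate = expr()
    take("<end>")  # anything left over, such as an unmatched bracket, is an error
    return predicate

def event_matches(filter_text, event):  # event: dict with numeric 'level' and 'id'
    return parse_filter(filter_text)(event)
```

Running the thread's filters through it shows that `level IN (error) AND (id IN (3006,3007))` and `level =1` both accept an Error event with id 3006, while the unbalanced version raises before any event is checked.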