
Monitoring Windows Event Logs

Posted: Fri Jan 21, 2011 3:10 pm
by josh.rodriguez
Can anyone provide some documentation on Monitoring Windows Event Logs from Nagios XI?

Re: Monitoring Windows Event Logs

Posted: Mon Jan 24, 2011 10:34 am
by rdedon
Hello Josh,
I have emailed you some information that will hopefully help. Please respond here if that is not quite what you are after or have any additional questions.

Thanks!

Re: Monitoring Windows Event Logs

Posted: Mon Jan 24, 2011 12:56 pm
by admin
We just created a new document that describes how to monitor event logs on Windows systems using the NagEventLog agent. A new monitoring wizard was just created for this as well.

You can read the step-by-step guide for monitoring event logs at:

http://library.nagios.com/library/produ ... -nagios-xi

Hope that helps.

Re: Monitoring Windows Event Logs

Posted: Thu Jan 27, 2011 1:18 pm
by josh.rodriguez
Thanks. I will give this a try.

Re: Monitoring Windows Event Logs

Posted: Thu Jan 27, 2011 3:05 pm
by rdedon
Thank you and just contact us again if you require any additional assistance. :-)

Re: Monitoring Windows Event Logs

Posted: Fri Jan 28, 2011 3:43 pm
by josh.rodriguez
I have followed the step-by-step guide and when I test the NSCA daemon I receive

Error: could not connect to host 10.x.x.x on port 5667 (2)

I verified that the service is running and is not being blocked by a firewall.

Any ideas?

Re: Monitoring Windows Event Logs

Posted: Mon Jan 31, 2011 11:23 am
by mguthrie
You'll need to make sure you've added your client machine to the list of allowed hosts under xinetd.

Edit
/etc/xinet.d/nsca

and add your client machine to the list of allowed addresses, then restart xinetd.

Make sure your nsca password and encryption method are set on both the send_nsca.cfg (client) and the nsca.cfg (server).


http://library.nagios.com/library/produ ... -nagios-xi

Re: Monitoring Windows Event Logs

Posted: Mon Jan 31, 2011 11:56 am
by josh.rodriguez
Thanks for the reply. I have done those things already.

Here is my nsca config:
# default: on
# description: NSCA (Nagios Service Check Acceptor)
service nsca
{
flags = REUSE
socket_type = stream
wait = no
user = nagios
group = nagios
server = /usr/local/nagios/bin/nsca
server_args = -c /usr/local/nagios/etc/nsca.cfg --inetd
log_on_failure += USERID
disable = no
only_from = 10.0.199.145
{

Also, password on the client (10.0.199.145) matches the nsca.cfg file.

Re: Monitoring Windows Event Logs

Posted: Wed Feb 02, 2011 2:48 pm
by rdedon
I noticed on the end there you have a "{", could you please invert that to a "}" (no quotes) if that is how it appears in the code. And respond with results?

Thank you.

Re: Monitoring Windows Event Logs

Posted: Thu Feb 03, 2011 9:09 am
by josh.rodriguez
Made that change and still the same result.

{
flags = REUSE
socket_type = stream
wait = no
user = nagios
group = nagios
server = /usr/local/nagios/bin/nsca
server_args = -c /usr/local/nagios/etc/nsca.cfg --inetd
log_on_failure += USERID
disable = no
only_from = 10.0.199.145
}
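The stanza points raised in this thread (one opening and one closing brace, `disable`, and whether `only_from` covers the client) can be checked mechanically. The following is an added example, not part of the original posts or of Nagios; the function name and the second test address are assumptions, and `only_from` entries are evaluated only when they are plain IP addresses or address/netmask ranges.

```python
import ipaddress
import re

ATTR = re.compile(r"^(\w+)\s*(\+=|-=|=)\s*(.*)$")

def check_xinetd_service(text, client_ip):
    """Return a list of problems found in one xinetd service stanza."""
    problems, attrs, opens, closes = [], {}, 0, 0
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments
        if line == "{":
            opens += 1
        elif line == "}":
            closes += 1
        elif (m := ATTR.match(line)):
            attrs[m.group(1)] = m.group(3).strip()
    if (opens, closes) != (1, 1):
        problems.append(f"braces: {opens} '{{' and {closes} '}}', expected one of each")
    if attrs.get("disable", "no") == "yes":
        problems.append("disable = yes: xinetd will not start the service")
    if "only_from" in attrs:
        client = ipaddress.ip_address(client_ip)
        allowed = False
        for entry in attrs["only_from"].split():
            try:
                allowed |= client in ipaddress.ip_network(entry, strict=False)
            except ValueError:
                pass  # hostname or other form this example does not evaluate
        if not allowed:
            problems.append(f"only_from does not cover {client_ip}")
    return problems

# Stanza as posted in the thread after the brace was corrected.
FIXED = """\
service nsca
{
flags = REUSE
socket_type = stream
wait = no
user = nagios
group = nagios
server = /usr/local/nagios/bin/nsca
server_args = -c /usr/local/nagios/etc/nsca.cfg --inetd
log_on_failure += USERID
disable = no
only_from = 10.0.199.145
}
"""
# Same stanza with the closing brace typed as "{", as in the first post.
BROKEN = FIXED.rstrip()[:-1] + "{\n"

if __name__ == "__main__":
    print(check_xinetd_service(BROKEN, "10.0.199.145"))
```

An empty list means the stanza passed these three checks only; it says nothing about the password or encryption method in `nsca.cfg` and `send_nsca.cfg`.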