Command to check Windows logs

Posted: Thu Sep 17, 2015 11:53 pm
by jamesc23
Hi,

Been looking around on the interwebs and this is the command I found, but it doesn't work:
$USER1$/check_nrpe -H $HOSTNAME$ -p 5666 -c CheckEventLog -a filter=new file=application MinWarn=0 MinCrit=0 filter-generated=\>1d filter+eventID=="111" filter+eventType==error filter=out filter=all

I'm trying to monitor the application log for an event ID of 111, filtering on error. The error I'm getting in the Nagios console is: unknown command: checkeventlog

Please kindly advise.

Re: Command to check Windows logs

Posted: Fri Sep 18, 2015 8:04 am
by WillemDH
If you are using NSClient, you'd better set up real-time eventlog monitoring.
Made a basic guide here:

http://outsideit.net/real-time-eventlog-monitoring/

Hope this helps. I never tried active eventlog checks, as the load is much higher for Nagios.

Grtz

Willem

Re: Command to check Windows logs

Posted: Fri Sep 18, 2015 9:13 am
by hsmith
Thank you, Willem. @jamesc23, let us know if this works out for you!

Re: Command to check Windows logs

Posted: Fri Sep 18, 2015 12:53 pm
by gormank
For the unknown command: checkeventlog issue, check the nsclient.ini for the command.

find /i checkeventlog nsclient.ini

Re: Command to check Windows logs

Posted: Fri Sep 18, 2015 1:47 pm
by hsmith
gormank wrote: For the unknown command: checkeventlog issue, check the nsclient.ini for the command.

find /i checkeventlog nsclient.ini

Thank you for the help :)

Re: Command to check Windows logs

Posted: Sun Sep 20, 2015 11:15 pm
by jamesc23
Thanks all.

I've read through NSCA stuff and I believe I got all necessary steps ready. How do I create or use the command? I can see that I have a service template with check_dummy command.

Please advise.
Many thanks.

Re: Command to check Windows logs

Posted: Mon Sep 21, 2015 5:10 pm
by tmcdonald
Somewhat older docs but the process hasn't changed much:

https://assets.nagios.com/downloads/nag ... ith_XI.pdf
https://assets.nagios.com/downloads/nag ... ith_XI.pdf

Basically, if you have NSCA set up properly they should show up in Unconfigured Objects under the Admin menu, and you can run a wizard from there to import them.

Re: Command to check Windows logs

Posted: Mon Sep 21, 2015 6:38 pm
by jamesc23
Forgive me as I'm very new at this still. I can see unconfigured objects but that's about it. I don't know the arguments to even try to make this work. That documentation doesn't explain how to set up the service to monitor the eventlog.

Re: Command to check Windows logs

Posted: Tue Sep 22, 2015 8:43 am
by tgriep
If they are in the Unconfigured Objects, you would click on them to import them into XI and that is how the service checks will be set up for you.

Re: Command to check Windows logs

Posted: Tue Sep 22, 2015 8:49 am
by eloyd
Sorry, but I need to put the obvious plug in here:

Get Nagios Log Server, send your Windows logs there, make a query in NLS to check for your issue, and then send alerts through Nagios or email from NLS.

There. Commercial over.