Hi.
I want to set up monitoring of the Windows Event log for just one specific machine to check for error codes 1443 and 1423.
I'm using these directions,
https://assets.nagios.com/downloads/nag ... ios-XI.pdf
and
https://www.nagios.com/solutions/window ... onitoring/
But when I check the agent on the server, it says it cannot connect. Is there a newer version of the agent somewhere? Windows 2008r2 64bit.
Error: Could not connect to host 198.xxx.xxx.xxx on port 5667 (2) OK.
Checking Windows Event Log
Re: Checking Windows Event Log
From the Nagios machine, can you run the command nmap 198.xxx.xxx.xxx and post the result?
Also, from the windows machine can you run this and post the output? netstat -anp tcp | find "5667"
Former Nagios Employee
Re: Checking Windows Event Log
nmap:
nmap 207.xxx.xxx.xxx
Starting Nmap 5.51 ( http://nmap.org ) at 2015-12-16 09:42 EST
Nmap scan report for 207.xxx.xxx.xxx
Host is up (0.066s latency).
Not shown: 989 closed ports
PORT STATE SERVICE
21/tcp open ftp
80/tcp open http
135/tcp open msrpc
139/tcp open netbios-ssn
445/tcp open microsoft-ds
1111/tcp open lmsocialserver
1935/tcp open rtmp
3389/tcp open ms-term-serv
49152/tcp open unknown
49153/tcp open unknown
49154/tcp open unknown
Re: Checking Windows Event Log
rkennedy wrote: From the Nagios machine, can you run the command nmap 198.xxx.xxx.xxx and post the result?
Also, from the windows machine can you run this and post the output? netstat -anp tcp | find "5667"
From Windows machine:
>netstat -anp tcp | find "5667"
>
Nothing. I don't think the agent actually runs on Windows 2008r2, or it needs some kind of elevated permissions to run. It says it's running according to services.msc but I can find no evidence of it actually listening on a socket. Is there something newer than this?
Re: Checking Windows Event Log
Did you add the remote server's IP address to the only_from entry in your /etc/xinetd.d/nsca file and restart xinetd on the Nagios server?
What is the output of this command (on the nagios server):
Code:
iptables -L
It's likely to be the local firewall on the Nagios server or a firewall in the path that is blocking the port.
Let us know what you find.
Thank you
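An added example, not part of the original thread: one way to check offline whether the only_from entries in an /etc/xinetd.d/nsca file would admit a given sender address. The sample config and the function names are constructed for illustration. Only numeric IPv4 and address/prefix values are handled, with xinetd's documented rule that rightmost zero octets act as wildcards; hostnames, network names and factorized addresses are skipped.

```python
import ipaddress
import re

# Constructed sample of an /etc/xinetd.d/nsca file (not taken from the thread).
SAMPLE_NSCA = """\
service nsca
{
    only_from   = 127.0.0.1 10.20.0.0
    only_from  += 192.0.2.0/28
}
"""

def only_from_entries(conf_text):
    """Return the effective only_from list, or None if the attribute is absent."""
    entries = None
    for line in conf_text.splitlines():
        # re.match anchors at line start, so commented-out lines are ignored.
        m = re.match(r"\s*only_from\s*(\+=|-=|=)\s*(.*)$", line)
        if not m:
            continue
        op, values = m.group(1), m.group(2).split()
        if op == "=":
            entries = values
        elif op == "+=":
            entries = (entries or []) + values
        else:  # "-=" removes the listed values
            entries = [e for e in (entries or []) if e not in values]
    return entries

def entry_to_network(entry):
    """Map one only_from value to an IP network; None for forms not handled here."""
    try:
        if "/" in entry:
            return ipaddress.ip_network(entry, strict=False)
        octets = [int(o) for o in entry.split(".")]
        if len(octets) != 4:
            return None
        prefix = 32
        while prefix > 0 and octets[prefix // 8 - 1] == 0:
            prefix -= 8  # rightmost zero octets are wildcards in xinetd
        return ipaddress.ip_network(f"{entry}/{prefix}")
    except ValueError:
        return None  # hostnames, network names, factorized addresses

def sender_allowed(conf_text, sender_ip):
    """True if only_from would let sender_ip reach the nsca service."""
    entries = only_from_entries(conf_text)
    if entries is None:
        return True  # no only_from attribute: no address restriction
    ip = ipaddress.ip_address(sender_ip)
    return any(ip in n for n in map(entry_to_network, entries) if n is not None)
```

A False result for the sending machine's address means xinetd would refuse the connection before NSCA sees it, regardless of what iptables -L shows.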