Nagios Event Log
Posted: Wed Jan 25, 2017 3:39 pm
by me@work55
Nagios 3.2.3 and Nagios 4.1
Anyone have a good plugin to monitor Windows Event Logs?
My Windows environment is Windows 2003, Windows 2008, and Windows 2012.
Thanks
Tom
Re: Nagios Event Log
Posted: Wed Jan 25, 2017 3:46 pm
by dwhitfield
One way that you could monitor Windows Event logs is through the Nag Event Log Monitor:
http://exchange.nagios.org/directory/Ad ... og/details
However, it is not one of our company-created agents, and the documentation we have for it is for Nagios XI and not Core, though there may be documentation out there floating around for integration with Core.
You can use NSClient++ for event log monitoring as well.
Re: Nagios Event Log
Posted: Wed Jan 25, 2017 5:27 pm
by me@work55
I use nsclient on all my Windows servers.
How do I set that up using nsclient?
Thanks
Re: Nagios Event Log
Posted: Wed Jan 25, 2017 5:48 pm
by dwhitfield
With the caveat that we did not write NSClient, I think
https://docs.nsclient.org/reference/win ... kEventLog/ will set you on the right path.
What version of NSClient are you using? That will help us be more precise in our instructions.
Re: Nagios Event Log
Posted: Wed Jan 25, 2017 6:55 pm
by me@work55
nsclient version is 4.1.73
where is check_eventlog located?
Hope you have the instructions
Re: Nagios Event Log
Posted: Thu Jan 26, 2017 9:41 am
by me@work55
I found this in my nsclient ini file
Code:
; alias_event_log - Alias for alias_event_log. To configure this item add a section called: /settings/external scripts/alias/alias_event_log
alias_event_log = CheckEventLog file=application file=system MaxWarn=1 MaxCrit=1 "filter=generated gt -2d AND severity NOT IN ('success', 'informational') AND source != 'SideBySide'" truncate=800 unique descriptions "syntax=%severity%: %source%: %message% (%count%)"
But again, where is checkeventlog?
Thanks TOM
Re: Nagios Event Log
Posted: Thu Jan 26, 2017 11:33 am
by dwhitfield
So, it depends on what exactly you want to check, but let's say you wanted to monitor all warning and critical events on a server for the last 60 minutes. Your check would look like:
Code:
./check_nrpe -H HOSTNAME -p 5666 -c CheckEventLog -a file=system MaxWarn=1 MaxCrit=1 "filter=generated > -1h AND severity IN ('error', 'warning')"
Your command will end up looking something like
Code:
define command{
command_name check_eventlog
command_line $USER1$/check_nrpe -H $HOSTADDRESS$ -p 5666 -t 30 -c CheckEventLog -a filter file=application MaxWarn=1 MaxCrit=1 "filter=generated lt -1h AND severity NOT IN ('success', 'informational')" unique descriptions "syntax=%source% {EventID %id%}[%severity%](Count=%count%)^MDate:%generated%^M%message%^M"
}
Is the NSClient.ini file on all of these machines the same? It might be useful if you upload samples from 2003, 2008, and 2012 if they are different. Thanks!
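Added example, not part of the original posts and not Nagios or NSClient++ project code: the agent-side nsclient.ini that the two ways of calling the check depend on. It assumes NSClient++ 0.4.x section and key names, reuses the alias_event_log line quoted earlier in the thread, and uses 192.0.2.10 as a constructed placeholder for the Nagios server.

```ini
; Added example: NSClient++ 0.4.x-style nsclient.ini (assumed layout).
; 192.0.2.10 is a constructed placeholder for the Nagios server address.

[/modules]
; CheckEventLog provides the CheckEventLog command itself.
CheckEventLog = 1
; CheckExternalScripts provides the alias_* commands.
CheckExternalScripts = 1
; NRPEServer answers check_nrpe requests.
NRPEServer = 1

[/settings/default]
; Only the monitoring server may talk to the agent.
allowed hosts = 192.0.2.10

[/settings/NRPE/server]
port = 5666

; Variant A (weaker): needed when the filter is sent from Nagios with
; "check_nrpe ... -c CheckEventLog -a ...". Any host in "allowed hosts"
; can then pass arbitrary arguments, quotes and operators to the agent.
;allow arguments = true
;allow nasty characters = true

; Variant B (tighter): keep the filter on the agent and refuse
; arguments from the network.
allow arguments = false
allow nasty characters = false

[/settings/external scripts/alias]
; The filter lives here, so Nagios only has to name the alias.
alias_event_log = CheckEventLog file=application file=system MaxWarn=1 MaxCrit=1 "filter=generated gt -2d AND severity NOT IN ('success', 'informational') AND source != 'SideBySide'" truncate=800 unique descriptions "syntax=%severity%: %source%: %message% (%count%)"

; Nagios side for variant B (no -a, so no arguments cross the wire):
;   $USER1$/check_nrpe -H $HOSTADDRESS$ -p 5666 -t 30 -c alias_event_log
```

With variant B the per-server filter is changed in nsclient.ini rather than in the Nagios command definition, and NSClient++ has to be restarted after editing the file.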
Re: Nagios Event Log
Posted: Thu Jan 26, 2017 1:53 pm
by me@work55
Thanks a million
After a little tweaking it is now working
now to add to all windows servers
this can be locked as resolved.