Configure nslog.conf for DFSR logging

This support forum board is for support questions relating to Nagios Log Server, our solution for managing and monitoring critical log data.
Locked
james.liew
Posts: 59
Joined: Wed Feb 22, 2017 1:30 am

Configure nslog.conf for DFSR logging

Post by james.liew »

Hi all,

I'm trying to configure the nslog client to log for DFSR replication. Like below.

I'm having trouble determining the exact Syntax to use :(
2017-05-04_11-15-16.png
Can I just add <Select Path="DFS Replication">*</Select>\ in the query list?

This is my current query list:

Code: Select all

Query  <QueryList>\
                       <Query Id="0">\
                         <Select Path="System">*</Select>\
                         <Select Path="Application">*</Select>\
			<Select Path="Security">*</Select>\
                        </Query>\
              </QueryList>
You do not have the required permissions to view the files attached to this post.
Top
User avatar
mcapra
Posts: 3739
Joined: Thu May 05, 2016 3:54 pm

Re: Configure nslog.conf for DFSR logging

Post by mcapra »

That's what this example seems to be doing:
https://gist.github.com/grenade/3bbb336209a8859af9d1

Code: Select all

<Input filtered_eventlog>
  Module im_msvistalog
  ReadFromLast TRUE
  Query <QueryList>\
          <Query Id="0">\
            <Select Path="Application">*[System[Level=1 or Level=2 or Level=3]]</Select>\
            <Select Path="System">*[System[Level=1 or Level=2 or Level=3]]</Select>\
            <Select Path="Active Directory Web Services">*[System[Level=1 or Level=2 or Level=3]]</Select>\
            <Select Path="DFS Replication">*[System[Level=1 or Level=2 or Level=3]]</Select>\
            <Select Path="Directory Service">*[System[Level=1 or Level=2 or Level=3]]</Select>\
            <Select Path="HardwareEvents">*[System[Level=1 or Level=2 or Level=3]]</Select>\
            <Select Path="Internet Explorer">*[System[Level=1 or Level=2 or Level=3]]</Select>\
            <Select Path="Key Management Service">*[System[Level=1 or Level=2 or Level=3]]</Select>\
            <Select Path="Microsoft-Windows-Application Server-Applications/Admin">*[System[Level=1 or Level=2 or Level=3]]</Select>\
            <Select Path="Microsoft-Windows-Dhcp-Client/Admin">*[System[Level=1 or Level=2 or Level=3]]</Select>\
            <Select Path="Microsoft-Windows-DhcpNap/Admin">*[System[Level=1 or Level=2 or Level=3]]</Select>\
            <Select Path="Microsoft-Windows-Dhcpv6-Client/Admin">*[System[Level=1 or Level=2 or Level=3]]</Select>\
            <Select Path="Microsoft-Windows-Diagnosis-Scripted/Admin">*[System[Level=1 or Level=2 or Level=3]]</Select>\
            <Select Path="Microsoft-Windows-EnrollmentPolicyWebService/Admin">*[System[Level=1 or Level=2 or Level=3]]</Select>\
            <Select Path="Microsoft-Windows-EnrollmentWebService/Admin">*[System[Level=1 or Level=2 or Level=3]]</Select>\
            <Select Path="Microsoft-Windows-Kernel-EventTracing/Admin">*[System[Level=1 or Level=2 or Level=3]]</Select>\
            <Select Path="Microsoft-Windows-MUI/Admin">*[System[Level=1 or Level=2 or Level=3]]</Select>\
            <Select Path="Microsoft-Windows-PrintService/Admin">*[System[Level=1 or Level=2 or Level=3]]</Select>\
            <Select Path="Microsoft-Windows-RemoteApp and Desktop Connections/Admin">*[System[Level=1 or Level=2 or Level=3]]</Select>\
            <Select Path="microsoft-windows-RemoteDesktopServices-RemoteDesktopSessionManager/Admin">*[System[Level=1 or Level=2 or Level=3]]</Select>\
            <Select Path="Microsoft-Windows-TerminalServices-ClientUSBDevices/Admin">*[System[Level=1 or Level=2 or Level=3]]</Select>\
            <Select Path="Microsoft-Windows-TerminalServices-LocalSessionManager/Admin">*[System[Level=1 or Level=2 or Level=3]]</Select>\
            <Select Path="Microsoft-Windows-TerminalServices-PnPDevices/Admin">*[System[Level=1 or Level=2 or Level=3]]</Select>\
            <Select Path="Microsoft-Windows-TerminalServices-RemoteConnectionManager/Admin">*[System[Level=1 or Level=2 or Level=3]]</Select>\
            <Select Path="ThinPrint Diagnostics">*[System[Level=1 or Level=2 or Level=3]]</Select>\
            <Select Path="Windows PowerShell">*[System[Level=1 or Level=2 or Level=3]]</Select>\
          </Query>\
        </QueryList>
</Input>
I imagine adding an additional <Select> should be sufficient.
Former Nagios employee
https://www.mcapra.com/
Top
james.liew
Posts: 59
Joined: Wed Feb 22, 2017 1:30 am

Re: Configure nslog.conf for DFSR logging

Post by james.liew »

Seems to be working after I added that line.

Will monitor for now
Top
dwhitfield
Former Nagios Staff
Posts: 4583
Joined: Wed Sep 21, 2016 10:29 am
Location: NoLo, Minneapolis, MN
Contact:
Contact dwhitfield

Re: Configure nslog.conf for DFSR logging

Post by dwhitfield »

Fantastic. No need to respond if it ends up working, but do let us know if you continue to have problems.
Top
Locked

Return to “Nagios Log Server”