Monitoring Windows Event Logs With NagEventLog

[RIDS_I2MP]

Hello Team,

We have to monitor Windows event logs. I have checked the documents for the same and found the below:

https://assets.nagios.com/downloads/nag ... entLog.pdf

After checking this document, I got too much confused like what exactly I have to install on Windows machine like NCPA or NCSA.

I have NSCP-0.5.2.35-x64 version available with me for NSC++ installation. Please let me know what additionally I have to install on my machine to monitor event logs.

Note: NSC++ is a must as we have to monitor a number of othe parameters as well like CPU, disk, memory utilization and few services.

Please help me with the same.

Thanks a lot in advance!!

[benjaminsmith]

Hi @RIDS_I2MP,

If you are running the latest version of Nagios XI ( 5.6.4 ) we have updated the Windows Event Log Wizard to use NCPA instead of NagEventLog.

You will just need to install NCPA on the remote host and run the wizard. NCPA has a built in API for running checks. The documentation is available online at:

https://www.nagios.org/ncpa/help.php#ap ... s-extended

NCPA Agent Installation Instructions

Let us know if you have any further questions.

[RIDS_I2MP]

Hello,

Thanks for the reply!!

As per your suggestion, I have followed below document and installed NCPA on Windows machine.

NCPA Agent Installation Instructions

Windows server IP: 10.147.209.120

After NCPA agent installation, I ran Windows event log wizard. I am getting the status of event logs as:

OK: No data received yet.

I am attaching the doc here for your reference. I feel the NCPA agent is not able to fetch the data from the server (not sure though).

Please let me know if I have missed anything.

[benjaminsmith]

Hello @RIDS_I2MP,

It looks like you might be using the older version of the Wizard. Go to Admin > System Extensions > Manage Config Wizards and scroll down until you find the Windows Event Log. You should be using version 2.0.0.

windows-event-log.png

If not, simply click the Check For Updates button at the top of the page and go back to the wizard and click the Install link, and then try running the wizard again.

[RIDS_I2MP]

Hello,

As per your suggestion, I have updated it to latest version and it seems to be working fine now.

I have confusion regarding the details that needs to be filled in while running the wizard. I am attaching the screen shot for your reference. Please let me know how to fill those details.

[cdienger]

There are filters that can be applied to logs. The default is to search the Windows' Application, System, and Security logs fore Error events by default. You can change these or add additional filters(ID,SourceName, etc...). These fields are all part of what Windows logs with an event in Eventviewer.

[RIDS_I2MP]

Hello,

I tried checking the fields/filters, but I am still not sure about the details. Can you please help me to understand that?
I have attached the screen shot here, please let me know from where we can get those details.

[cdienger]

You get that information from event viewer logs. See attached screenshot.

[RIDS_I2MP]

Hello,

Thank you for the help!!

We will check it and get back to you.

[cdienger]

Keep us posted and let us know if you have any questions.