WindowsEventID Monitoring

This board serves as an open discussion and support collaboration point for Nagios XI. NOTE: Nagios XI customers should use the Customer Support forum to obtain expedited support.

Post by grayloglearn » Wed Aug 14, 2019 11:05 am

Hi Team,

Previously I raised the same ticket, but it was locked, so I am raising the query again.
I have downloaded the check_eventlog plugin from the URL below to check how it works, but it gives an error while executing the script.

https://gallery.technet.microsoft.com/s ... l-4153d359

After downloading it, I just executed it to check, and the attached error is shown. Please find the attachment. Could you please help with how to enable the EventID to be monitored? We are using nscp client version 0.5.
Attachments
error.PNG

Re: WindowsEventID Monitoring

Post by mcapra » Wed Aug 14, 2019 12:52 pm

The solution is to either sign that script with an authority your system/organization likes, or to change the PowerShell execution policy to allow unsigned (or remote signed) scripts to be executed:
http://tritoneco.com/2014/02/21/fix-for ... ly-signed/

Here's more info in an article written by @WillemDH, with a similar problem and solution in the article's comments:
https://outsideit.net/monitoring-window ... led-tasks/
Former Nagios employee
http://www.mcapra.com/
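
The two options from the reply above (sign the script, or relax the execution policy) as an added PowerShell example; it is not part of the thread or of the plugin. The script path is a placeholder, and the example assumes an elevated prompt and, for the signing branch, a code-signing certificate already present in the current user's store.

```powershell
# Placeholder path (assumption): point this at the downloaded plugin script.
$ScriptPath = 'C:\path\to\check_eventlog.ps1'

# 1. Show the policy at every scope. Precedence, highest first:
#    MachinePolicy, UserPolicy, Process, CurrentUser, LocalMachine.
#    A Group Policy scope, if defined, overrides anything set below.
Get-ExecutionPolicy -List

# 2. Inspect the script: its signature state and whether it still carries
#    the "downloaded from the Internet" mark (Zone.Identifier stream).
$sig  = Get-AuthenticodeSignature -FilePath $ScriptPath
$zone = Get-Item -LiteralPath $ScriptPath -Stream Zone.Identifier -ErrorAction SilentlyContinue
'{0}: signature={1}, downloaded-mark={2}' -f $ScriptPath, $sig.Status, [bool]$zone

# 3. Prefer signing. Pick the longest-lived unexpired code-signing certificate.
$cert = Get-ChildItem Cert:\CurrentUser\My -CodeSigningCert |
    Where-Object { $_.NotAfter -gt (Get-Date) } |
    Sort-Object NotAfter -Descending |
    Select-Object -First 1

if ($cert) {
    # Option A: sign the reviewed script. The monitored host must trust the
    # issuing CA and the publisher, otherwise the script is still refused.
    $result = Set-AuthenticodeSignature -FilePath $ScriptPath -Certificate $cert
    'Signed by {0}: {1}' -f $cert.Subject, $result.Status
}
else {
    # Option B: no certificate available. After reading the script, clear the
    # download mark on this one file and require signatures only for files
    # that still carry it (RemoteSigned), rather than allowing everything.
    Unblock-File -LiteralPath $ScriptPath
    Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope LocalMachine
}

# 4. Re-check. Any later edit to a signed script turns Valid into HashMismatch.
(Get-AuthenticodeSignature -FilePath $ScriptPath).Status
```

RemoteSigned with a per-file `Unblock-File` keeps other downloaded scripts blocked, which Unrestricted or Bypass would not.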

Re: WindowsEventID Monitoring

Post by mbellerue » Thu Aug 15, 2019 10:06 am

Thanks for the good information, Matt!

grayloglearn, does the above information help with your issue?
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.

Be sure to check out our Knowledgebase for helpful articles and solutions!

Re: WindowsEventID Monitoring

Post by grayloglearn » Mon Aug 19, 2019 5:00 am

Thanks for the reply.

As you said you have set the policy and tried to execute the script as it's working fine. But I want to monitor the EventID which is attached in the attachment. I tried to execute it, but it's saying OK. How do I make it show critical if those EventIDs match, and OK if they do not match?
Attachments
eventid3.PNG

Re: WindowsEventID Monitoring

Post by mbellerue » Mon Aug 19, 2019 9:27 am

If it's not possible to have the script return critical upon finding the specific Event entry, then you could use the Negate plugin in Nagios XI.

https://assets.nagios.com/downloads/nag ... ios-XI.pdf

Re: WindowsEventID Monitoring

Post by grayloglearn » Tue Aug 20, 2019 12:12 am

Hi Team,

I have seen the below entries somewhere. How do I understand this?

CheckEventLog -a file=System MaxWarn=1 MaxCrit=1 "filter=generated gt -15m AND severity NOT IN ('success', 'informational') AND id='4320' and source='netbt'" truncate=1023 unique descriptions "syntax=%severity%: %source%: %message% (%count%)"