Monitoring Windows Server 2008 Logs

Posted: Wed May 16, 2012 10:00 am
by m8r
I'm trying to monitor Windows event logs but have trouble with logs that have spaces in them. On my server, I'm running
./check_nrpe -H x.x.x.x -p 5666 ds_check

My ds_check on the server side is below. There is one log entry on 5/10/2012 with this event ID, so it should be grabbing:

ds_check=CheckEventLog file="directory service" MaxWarn=0 MaxCrit=1 "filter.eventID==2087 filter=in" truncate=1024 unique descriptions "syntax=%severity%: %source%: %message% (%count%)"

I ran this ds_check as a simple test to see if the alias worked because I had basically followed the syntax of this, which is working no problem:

eventid137=CheckEventLog file=system MaxWarn=0 MaxCrit=1 "filter.eventID==137 filter=in" truncate=1024 unique descriptions "syntax=%severity%: %source%: %id%: %message% (%count%)"

Regarding the Directory Service log, I've tried:

"file=directory service"
file="directory service"
file=directory\service
file=directory/service
"file=directory\service"
file="directory\service"
file="directory/service"
file="directory/service"

and basically any variation of quotes and back/forward slashes. Can Event logs that have spaces in the names be monitored? I've also tried entering the direct full file path to the Event log, to no avail.

Re: Monitoring Windows Server 2008 Logs

Posted: Wed May 16, 2012 1:23 pm
by scottwilkerson
This topic on the NSClient++ site describes how to find the name needed
http://www.nsclient.org/nscp/discussion/topic/408

Another one uses inject and it looks like they are wrapping the whole thing in quotes
http://nsclient.org/nscp/ticket/74

"file=Directory Service"

Re: Monitoring Windows Server 2008 Logs

Posted: Wed May 16, 2012 2:47 pm
by m8r
I'd already tried wrapping the file variable in quotes, which didn't work.

Re: Monitoring Windows Server 2008 Logs

Posted: Wed May 16, 2012 3:05 pm
by agriffin
Did you try following the steps in the first link swilkerson listed? You are possibly not specifying the correct name.

If that doesn't help, please list any errors you run into while experimenting, or what exactly goes wrong if there are no errors. You may have to check NSClient++'s or Nagios' log files for them.

Re: Monitoring Windows Server 2008 Logs

Posted: Fri May 18, 2012 8:06 am
by m8r
Yes, I did. That didn't do anything either. The log comes up as els.evtx, but that didn't do anything either. I don't know how to check the logs.

Re: Monitoring Windows Server 2008 Logs

Posted: Fri May 18, 2012 2:43 pm
by scottwilkerson
Did you try it with inject as outlined by Michael Medin here?
http://nsclient.org/nscp/ticket/74