Hello,
We are monitoring for Windows Event Logs. We are able to get complete logs information in Nagios XI. But, the log related information is not going properly in email body.
I want complete information in the email alerts sent to our monitoring Team.
Attaching the screenshot of email and Nagios XI error for your reference.
[root@HO1-NAGIOSXI libexec]# ./check_ncpa.py -H 10.20.33.8 -t '**********' -P 5693 -M 'logs' -q 'name=System,logged_after=1440m,severity=ERROR,message=shutdown' -c 0
CRITICAL: System has 1 logs, Total Count has 1 logs (Time range - last 1440 minutes) | 'System'=1;;0; 'Total Count'=1;;0;
System Logs
Time: Computer: Severity: Event ID: Source: Message
-----------------------------------
12/29/20 20:14:02: HC-SUL-FS.habchal.org: ERROR: 6008: EventLog: The previous system shutdown at 8:11:30 PM on 12/29/2020 was unexpected.
[root@HO1-NAGIOSXI libexec]#
Windows logs monitoring
-
kalyanpabolu
- Posts: 246
- Joined: Fri Jul 03, 2020 4:18 am
Windows logs monitoring
You do not have the required permissions to view the files attached to this post.
Re: Windows logs monitoring
By default notifications include %hostoutput% or %serviceoutput% which is just the first line of a plugin's output. You can include the rest of the output with the %longhostoutput% and %logserviceoutput% macros. See:
https://assets.nagios.com/downloads/nag ... iables.pdf
https://assets.nagios.com/downloads/nag ... hostoutput
https://assets.nagios.com/downloads/nag ... viceoutput
https://assets.nagios.com/downloads/nag ... iables.pdf
https://assets.nagios.com/downloads/nag ... hostoutput
https://assets.nagios.com/downloads/nag ... viceoutput
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
-
kalyanpabolu
- Posts: 246
- Joined: Fri Jul 03, 2020 4:18 am
Re: Windows logs monitoring
Hello,
Thanks for you reply!!
We are monitoring Windows event logs and searching for "shutdown" keyword. Nagios should send alert f it finds that keyword.
Now, we have some servers for which we have recurring scheduled downtime. They are daily brought down and then after 10 hours, they are brought UP.
If we monitor the logs for those servers, after the downtime gets over, Nagios will capture the data and throw alerts.
We do not want Nagios to send alert for the logs generated during the scheduled downtime.
Is it possible to achieve this requirement?
Thanks for you reply!!
We are monitoring Windows event logs and searching for "shutdown" keyword. Nagios should send alert f it finds that keyword.
Now, we have some servers for which we have recurring scheduled downtime. They are daily brought down and then after 10 hours, they are brought UP.
If we monitor the logs for those servers, after the downtime gets over, Nagios will capture the data and throw alerts.
We do not want Nagios to send alert for the logs generated during the scheduled downtime.
Is it possible to achieve this requirement?
Re: Windows logs monitoring
Is your check_interval for this service 5 minutes or 1440 minutes?
If the check_interval is 5 minutes, you should set the check lookback to 5 minutes as well. (logged_after=5m)
There really isn't a link from the downtime to what the plugin sees, the plugin is doing it's job as instructed, I can't think of a way to do this that doesn't involve you finding a different plugin/writing your own plugin to get the data because it would need to be the plugin that ignore that downtime timeframe. The default NCPA logs endpoint doesn't support it.
If the check_interval is 5 minutes, you should set the check lookback to 5 minutes as well. (logged_after=5m)
There really isn't a link from the downtime to what the plugin sees, the plugin is doing it's job as instructed, I can't think of a way to do this that doesn't involve you finding a different plugin/writing your own plugin to get the data because it would need to be the plugin that ignore that downtime timeframe. The default NCPA logs endpoint doesn't support it.