Windows logs monitoring

Posted: Wed Dec 30, 2020 5:45 am
by kalyanpabolu
Hello,

We are monitoring Windows Event Logs. We are able to get complete log information in Nagios XI, but the log-related information is not coming through properly in the email body.

I want complete information in the email alerts sent to our monitoring Team.

Attaching the screenshot of email and Nagios XI error for your reference.

[root@HO1-NAGIOSXI libexec]# ./check_ncpa.py -H 10.20.33.8 -t '**********' -P 5693 -M 'logs' -q 'name=System,logged_after=1440m,severity=ERROR,message=shutdown' -c 0
CRITICAL: System has 1 logs, Total Count has 1 logs (Time range - last 1440 minutes) | 'System'=1;;0; 'Total Count'=1;;0;
System Logs
Time: Computer: Severity: Event ID: Source: Message
-----------------------------------
12/29/20 20:14:02: HC-SUL-FS.habchal.org: ERROR: 6008: EventLog: The previous system shutdown at 8:11:30 PM on ‎12/‎29/‎2020 was unexpected.

[root@HO1-NAGIOSXI libexec]#

Re: Windows logs monitoring

Posted: Wed Dec 30, 2020 2:42 pm
by cdienger
By default, notifications include %hostoutput% or %serviceoutput%, which is just the first line of a plugin's output. You can include the rest of the output with the %longhostoutput% and %longserviceoutput% macros. See:

https://assets.nagios.com/downloads/nag ... iables.pdf
https://assets.nagios.com/downloads/nag ... hostoutput
https://assets.nagios.com/downloads/nag ... viceoutput

Re: Windows logs monitoring

Posted: Thu Jan 07, 2021 1:25 am
by kalyanpabolu
Hello,

Thanks for your reply!!

We are monitoring Windows event logs and searching for the "shutdown" keyword. Nagios should send an alert if it finds that keyword.

Now, we have some servers for which we have recurring scheduled downtime. They are daily brought down and then after 10 hours, they are brought UP.

If we monitor the logs for those servers, after the downtime gets over, Nagios will capture the data and throw alerts.

We do not want Nagios to send alert for the logs generated during the scheduled downtime.

Is it possible to achieve this requirement?

Re: Windows logs monitoring

Posted: Thu Jan 07, 2021 5:06 pm
by ssax
Is your check_interval for this service 5 minutes or 1440 minutes?

If the check_interval is 5 minutes, you should set the check lookback to 5 minutes as well. (logged_after=5m)

There really isn't a link from the downtime to what the plugin sees; the plugin is doing its job as instructed. I can't think of a way to do this that doesn't involve you finding a different plugin/writing your own plugin to get the data, because it would need to be the plugin that ignores that downtime timeframe. The default NCPA logs endpoint doesn't support it.
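
An added example, not part of the thread and not Nagios or NCPA code: one way a custom wrapper could post-filter the long output of check_ncpa.py (in the line layout shown in the first post) and drop entries logged inside a recurring daily downtime window. The function names, the 21:00 start, the host name and the sample entries are constructed assumptions; the window is assumed to be in the same time zone as the log timestamps.

```python
import re
import sys
from datetime import datetime, time, timedelta

# Long-output layout from the thread: "Time: Computer: Severity: Event ID: Source: Message"
ENTRY_RE = re.compile(r"^(\d{2}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}): (.+)$")

def in_daily_window(ts, start, hours):
    """True if ts falls in a window that opens every day at `start` and lasts `hours` (<= 24)."""
    for day_offset in (0, 1):  # today's window, or yesterday's if it crosses midnight
        opened = datetime.combine(ts.date() - timedelta(days=day_offset), start)
        if opened <= ts < opened + timedelta(hours=hours):
            return True
    return False

def filter_downtime(plugin_output, start, hours, critical=0):
    """Drop entries logged during the window; return (Nagios exit code, new plugin output)."""
    kept, dropped = [], 0
    for line in plugin_output.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # status line, header or separator
        ts = datetime.strptime(m.group(1), "%m/%d/%y %H:%M:%S")
        if in_daily_window(ts, start, hours):
            dropped += 1
        else:
            kept.append(line.strip())
    code = 2 if len(kept) > critical else 0  # same meaning as "-c 0" in the original check
    first = f"{'CRITICAL' if code else 'OK'}: {len(kept)} logs outside downtime"
    first += f" ({dropped} ignored) | 'logs'={len(kept)};;{critical};"
    return code, "\n".join([first] + kept)

# Constructed sample output (hypothetical host and events), not data from the thread.
SAMPLE = (
    "CRITICAL: System has 3 logs, Total Count has 3 logs (Time range - last 1440 minutes)\n"
    "System Logs\n"
    "Time: Computer: Severity: Event ID: Source: Message\n"
    "-----------------------------------\n"
    "01/06/21 21:05:10: srv01.example.org: ERROR: 6008: EventLog: unexpected shutdown\n"
    "01/07/21 06:59:40: srv01.example.org: ERROR: 6008: EventLog: unexpected shutdown\n"
    "01/07/21 13:30:00: srv01.example.org: ERROR: 6008: EventLog: unexpected shutdown\n"
)

if __name__ == "__main__":
    code, text = filter_downtime(SAMPLE, time(21, 0), 10)  # down 21:00 to 07:00 daily
    print(text)
    sys.exit(code)
```

Because only the first line reaches notifications by default, the wrapper puts the filtered count there and keeps the surviving entries as long output.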