Windows Event Logging Check and Description Details
Posted: Wed Apr 07, 2021 8:26 am
Hello -
I'm working with our Windows engineer and he is asking to have a Windows Event log check. We were able to create one, but the returned service description isn't ideal and is vague in what we would like to see. The NCPA agent is used from Nagios XI 5.7.5 and we want to utilize this for many event logging monitors. With that said, has anyone been able to extend the detail of the returned description, or found a way to enhance that as returned next to the check status in the email/alert notifications? See what we are getting back and the check used to generate it. All feedback is greatly appreciated. Thanks!
Service check as created by the Windows System log wizard in XI:
-M 'logs' -q 'name=System,logged_after=30m,severity=ERROR,event_id=5722,application=NETLOGON' -c 0
Email notification of alert:
***** Nagios Monitor XI Alert *****
Notification Type: PROBLEM
Service: System Error Logs
Host: my_host_name
Address: x.x.x.x
State: CRITICAL
Date/Time: Tue Apr 6 11:14:21 CDT 2021
Additional Info:
CRITICAL: System has 1 logs, Total Count has 1 logs (Time range - last 30 minutes)
The Critical above would be great if it could return a string/description that could have the Event details within. This may not be possible just using the NCPA agent alone, but we would like to go down that path first.