windows log file monitoring
Is there an easy way to monitor a Windows log file's last modified time?
If a particular log file's modified time isn't within the last hour I would like to be notified.
Is there a built-in tool or would this be custom scripting?
-
benjaminsmith
- Posts: 5324
- Joined: Wed Aug 22, 2018 4:39 pm
- Location: saint paul
Re: windows log file monitoring
Hi,
The number of Log file plugins for Windows systems is limited, and I'm going to check in with other support team members on this for input. Otherwise, it would take some custom scripting but this type of plugin shouldn't be too difficult.
Reference
Nagios Exchange Log Files
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
Be sure to check out our Knowledgebase for helpful articles and solutions!
Re: windows log file monitoring
@localit checklog3, which is in the exchange, should be able to do this.
Since this is Windows, you could also make a plugin yourself in PowerShell, something like this (I have not tested this, but it should work or get you close enough).
You'd feed two arguments, the file path/name combo and the # of minutes to trigger a critical.
Code:
param (
    [string]$file = "stop",
    [int]$time
)
#########################
##
## vars
##
#################
$error.clear()
$response = ""
$crit = 0
$output = ""
# Work from the NCPA plugin directory so a relative file name resolves there
cd ${env:ProgramFiles(x86)}\Nagios\NCPA\Plugins\
# No file argument given: exit 3 (UNKNOWN)
if ($file -eq "stop") {
    Write-Output "no file name specified, stopping"
    exit 3
}
# Age of the file in minutes; TotalMinutes is the whole elapsed span,
# not the 0-59 minutes component
if ( ((Get-Date) - (ls $file).LastWriteTime).TotalMinutes -gt $time) {
    Write-Output "not modified in last $time minutes"
    exit 2
}
Write-Output "modified in last $time minutes"
exit 0
Example: ./logfiletimecheck.ps1 'd:\logs\muhlogfile.log' 60
Be sure to feed anything with / \ | etc. or white spaces inside " or '.
You could also output the last modified time instead of the # of minutes I put in my cocktail napkin code above.
And add critical thresholds as well, etc.
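The two extensions suggested at the end of the post above (report the last-modified time, use separate thresholds), written out as an added example; this is not code from the thread. The parameter names `-Path`, `-WarnMinutes` and `-CritMinutes`, the perfdata label, and the choice to report a missing file as CRITICAL are assumptions of the example.

```powershell
# Added example, not code from the thread. Parameter names are this example's own.
param(
    [string]$Path,
    [int]$WarnMinutes = 60,
    [int]$CritMinutes = 120
)

# Standard Nagios plugin exit codes.
$OK = 0; $WARNING = 1; $CRITICAL = 2; $UNKNOWN = 3

if ([string]::IsNullOrEmpty($Path) -or $WarnMinutes -gt $CritMinutes) {
    Write-Output "UNKNOWN - usage: -Path <file> [-WarnMinutes n] [-CritMinutes m], n <= m"
    exit $UNKNOWN
}

# -LiteralPath keeps [ ] * ? in a file name from being treated as wildcards.
$item = Get-Item -LiteralPath $Path -ErrorAction SilentlyContinue
if ($null -eq $item -or $item.PSIsContainer) {
    # Assumption: a log that has disappeared is as serious as one that went quiet.
    Write-Output "CRITICAL - $Path not found or not a file"
    exit $CRITICAL
}

# TotalMinutes is the whole elapsed time; the Minutes property is only the
# 0-59 minutes component and would wrap every hour.
$age     = (Get-Date) - $item.LastWriteTime
$minutes = [math]::Round($age.TotalMinutes, 1)
$stamp   = $item.LastWriteTime.ToString('yyyy-MM-dd HH:mm:ss')
$perf    = "age_minutes=$minutes;$WarnMinutes;$CritMinutes"
$detail  = "$Path last modified $stamp ($minutes min ago) | $perf"

if ($minutes -lt 0) {
    # A write time in the future points to a wrong clock or an altered timestamp.
    Write-Output "UNKNOWN - $Path has a last-modified time in the future ($stamp)"
    exit $UNKNOWN
}
if ($minutes -gt $CritMinutes) { Write-Output "CRITICAL - $detail"; exit $CRITICAL }
if ($minutes -gt $WarnMinutes) { Write-Output "WARNING - $detail"; exit $WARNING }
Write-Output "OK - $detail"
exit $OK
```

Arguments also bind positionally in the order path, warning minutes, critical minutes, matching the calling style shown in the post.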
benjaminsmith
Re: windows log file monitoring
Hi,
Appreciate your input on this question @WillH.
@localit, let us know if either of those approaches would work. Using a PowerShell script has the advantage of not requiring other software. Are you running an agent, like NCPA, on the Windows system?
--Benjamin
Re: windows log file monitoring
I am currently running NRPE. I typically just create a batch file and have the config file point to it in order to run it.
Is it possible to run this via a batch file?
I am able to get the modification time through a command file:
dir /T:W /A:-D D:\conti\conti.jpg
It gives me the result of:
07/02/2019 10:24 AM 77,852 conti.jpg
1 File(s) 77,852 bytes
0 Dir(s) 87,951,826,944 bytes free
I want to basically do what you said above: if the modification date is older than 2 hours or 120 mins, alert me. How can I set this up as a batch file to echo this?
Re: windows log file monitoring
Basically it would exit 0 if the time is 120 minutes or less,
exit 2 if the value of time in mins is greater than 120.
benjaminsmith
Re: windows log file monitoring
Hi,
What NRPE setup are you using, that program is a Linux/Unix agent?
There's probably a way to do this in a batch file, but I think it's easier to use the PowerShell script provided by WillH, it works well. You would just run the script with the 120-minute option as the time argument (the first argument is the path of the file).
I tried doing the same operation with a batch file but it's more difficult to parse the output from commands (developing plugins is out of scope for product support).
I made a minor change to the PowerShell script (had trouble reading the time output).
Code:
param (
    [string]$file = "stop",
    [int]$time
)
#########################
##
## vars
##
#################
$error.clear()
$response = ""
$crit = 0
$output = ""
# Work from the NCPA plugin directory so a relative file name resolves there
cd ${env:ProgramFiles(x86)}\Nagios\NCPA\Plugins\
# No file argument given: exit 3 (UNKNOWN)
if ($file -eq "stop") {
    Write-Output "no file name specified, stopping"
    exit 3
}
$lastwrite = (ls $file).LastWriteTime
# Minutes elapsed since the last write (whole span, not the 0-59 component)
$age = ((Get-Date) - $lastwrite).TotalMinutes
if ( $age -gt $time) {
    Write-Output "not modified in last $time minutes"
    exit 2
}
Write-Output "modified in last $time minutes"
exit 0
Re: windows log file monitoring
I can run PS the same way I am running the batch file; I can just tell NRPE to point back to it.
So in your script, what is the
cd ${env:ProgramFiles(x86)}\ ?? < is this where I put the location of the file that I am trying to read the modification date from?
Where do I input my 120 rule?
Sorry, I am not a programmer.
Re: windows log file monitoring
I can run it through NCPA if that is easier, I just haven't messed with that side of Nagios much.
Re: windows log file monitoring
I am trying to get Nagios to run the script and I am getting this error for the .ps1 file:
Failed to execute modtime seems more like a script maybe you need a script executable first: failed to lookup error code: 193 (reason: 87)