windows log file monitoring
Posted: Mon Sep 13, 2021 1:31 pm
by localit
Is there an easy way to monitor a Windows log file's last modified time?
If a particular log file's modified time isn't within the last hour, I would like to be notified.
Is there a built-in tool, or would this be custom scripting?
Re: windows log file monitoring
Posted: Tue Sep 14, 2021 6:03 pm
by benjaminsmith
Hi,
The number of Log file plugins for Windows systems is limited, and I'm going to check in with other support team members on this for input. Otherwise, it would take some custom scripting but this type of plugin shouldn't be too difficult.
Reference
Nagios Exchange Log Files
Re: windows log file monitoring
Posted: Wed Sep 15, 2021 1:25 pm
by WillH
@localit checklog3, which is in the exchange, should be able to do this.
Since this is Windows, you could also make a plugin yourself in PowerShell, something like this (I have not tested this, but it should work or get you close enough).
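Code:
param (
    [string]$file = "stop",
    [string]$time
)
#########################
##
## vars
##
#################
$error.clear()
$response = ""
$crit = 0
$output = ""
$args = 0
# Working directory only; relative paths passed in $file resolve from here.
cd ${env:ProgramFiles(x86)}\Nagios\NCPA\Plugins\
if ($file -eq "stop") {
    Write-Output "no file name specified, stopping"
    exit 3
}
# Age of the file in minutes. TotalMinutes is the full elapsed time;
# a TimeSpan has no .Minute property, so the original comparison never fired.
if ( ((Get-Date) - (ls $file).LastWriteTime).TotalMinutes -gt [double]$time) {
    # One string, so the plugin output is a single line.
    Write-Output "not modified in last $time minutes"
    exit 2
}
Write-Output "modified in last $time minutes"
exit 0
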
You'd feed two arguments: the file path/name combo and the # of minutes to trigger a critical.
Example: ./logfiletimecheck.ps1 'd:\logs\muhlogfile.log' 60
Be sure to feed anything with / \ | etc. or white spaces inside " or '.

You could also output last modified time to the output instead of the # of minutes I put in my cocktail napkin code above.
And add critical thresholds as well, etc.
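
An added example, not part of WillH's post or any code from this thread: a fuller version of the check sketched above that reports the last modified time and uses separate warning and critical thresholds. The script name `check_log_age.ps1`, the parameter names and the default thresholds are assumptions.

```powershell
# check_log_age.ps1 (hypothetical name): alert when a log file has gone stale.
# Exit codes follow the Nagios plugin convention: 0 OK, 1 WARNING, 2 CRITICAL, 3 UNKNOWN.
param (
    [string]$Path,             # log file to check
    [int]$WarnMinutes = 60,    # assumed default warning threshold
    [int]$CritMinutes = 120    # assumed default critical threshold
)

# Map a file age in minutes to a plugin status code.
function Get-AgeStatus {
    param ([double]$AgeMinutes, [int]$Warn, [int]$Crit)
    if ($AgeMinutes -gt $Crit) { return 2 }
    if ($AgeMinutes -gt $Warn) { return 1 }
    return 0
}

if ([string]::IsNullOrEmpty($Path)) {
    Write-Output "UNKNOWN - no file name specified"
    exit 3
}
if ($WarnMinutes -gt $CritMinutes) {
    Write-Output "UNKNOWN - warning threshold ($WarnMinutes) exceeds critical ($CritMinutes)"
    exit 3
}

# -LiteralPath stops [ ] in a file name from being treated as a wildcard.
# A missing or unreadable file is UNKNOWN, never OK: a deleted log must not pass.
$item = Get-Item -LiteralPath $Path -ErrorAction SilentlyContinue
if ($null -eq $item -or $item.PSIsContainer) {
    Write-Output "UNKNOWN - $Path not found or not a file"
    exit 3
}

# TotalMinutes is the whole elapsed time; Minutes would be only the 0-59 component.
$age    = [math]::Round(((Get-Date) - $item.LastWriteTime).TotalMinutes, 1)
$status = Get-AgeStatus -AgeMinutes $age -Warn $WarnMinutes -Crit $CritMinutes
$label  = @('OK', 'WARNING', 'CRITICAL')[$status]
$stamp  = $item.LastWriteTime.ToString('yyyy-MM-dd HH:mm:ss')

# Text before the pipe is the status line; text after it is performance data.
Write-Output "$label - $Path last modified $stamp ($age min ago) | age_minutes=$age;$WarnMinutes;$CritMinutes"
exit $status
```

A .ps1 file is not directly executable, so the agent command has to start the interpreter, for example `powershell.exe -NoProfile -File .\check_log_age.ps1 -Path 'D:\logs\app.log' -WarnMinutes 60 -CritMinutes 120` (the path is a constructed sample).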
Re: windows log file monitoring
Posted: Thu Sep 16, 2021 6:48 am
by benjaminsmith
Hi,
Appreciate your input on this question, @WillH.
@localit, let us know if either of those approaches would work. Using a PowerShell script has the advantage of not requiring other software. Are you running an agent, like NCPA, on the Windows system?
--Benjamin
Re: windows log file monitoring
Posted: Thu Sep 16, 2021 11:07 am
by localit
I am currently running NRPE. I typically just create a batch file and have the config file point to it in order to run it.
Is this possible to run via batch file?
I am able to get the modification time through the command line:
dir /T:W /A:-D D:\conti\conti.jpg
It gives me the result of:
07/02/2019 10:24 AM 77,852 conti.jpg
1 File(s) 77,852 bytes
0 Dir(s) 87,951,826,944 bytes free
I want to basically do what you said above: if the modification date is older than 2 hours or 120 mins, alert me. How can I set this up as a batch file to echo this?
Re: windows log file monitoring
Posted: Thu Sep 16, 2021 11:29 am
by localit
Basically it would exit 0 if the time is 120 minutes or less,
exit 2 if the value of time in mins is greater than 120.
Re: windows log file monitoring
Posted: Thu Sep 16, 2021 5:02 pm
by benjaminsmith
Hi,
What NRPE setup are you using, that program is a Linux/Unix agent?
There's probably a way to do this in a batch file, but I think it's easier to use the PowerShell script provided by WillH, it works well. You would just run the script with the 120-minute option as the time argument (the first argument is the path of the file).
I tried doing the same operation with a batch file but it's more difficult to parse the output from commands (developing plugins is out of scope for product support).
I made a minor change to the PowerShell script (had trouble reading the time output).
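Code:
param (
    [string]$file = "stop",
    [string]$time
)
#########################
##
## vars
##
#################
$error.clear()
$response = ""
$crit = 0
$output = ""
$args = 0
# Working directory only; relative paths passed in $file resolve from here.
cd ${env:ProgramFiles(x86)}\Nagios\NCPA\Plugins\
if ($file -eq "stop") {
    Write-Output "no file name specified, stopping"
    exit 3
}
# Minutes elapsed since the last write. LastWriteTime.Minute alone is only the
# minute-of-hour (0-59) of the timestamp, not the file's age.
$lastwrite = ((Get-Date) - (ls $file).LastWriteTime).TotalMinutes
if ( $lastwrite -gt [double]$time) {
    # One string, so the plugin output is a single line.
    Write-Output "not modified in last $time minutes"
    exit 2
}
Write-Output "modified in last $time minutes"
exit 0
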
Re: windows log file monitoring
Posted: Fri Sep 17, 2021 8:23 am
by localit
I can run PS the same way I am running the batch file; I can just tell NRPE to point back to it.
So in your script, what is the
cd ${env:ProgramFiles(x86)}\ ?? < Is this where I put my file location that I am trying to read the modification date from?
Where do I input my 120 rule?
Sorry, I am not a programmer.
Re: windows log file monitoring
Posted: Fri Sep 17, 2021 8:31 am
by localit
I can run it through NCPA if that is easier, I just haven't messed with that side of Nagios much.
Re: windows log file monitoring
Posted: Fri Sep 17, 2021 8:46 am
by localit
I am trying to get Nagios to run the script and I am getting this error for the .ps1 file:
Failed to execute modtime seems more like a script maybe you need a script executable first: failed to lookup error code: 193 (reason: 87)