Page 1 of 1
HowTo monitor Event Log using WMI
Posted: Tue Jul 10, 2012 6:11 am
by BWNet
Hi everybody.
I just setup NagiosXI using the 64bit VMWare image. I configured WMI on a Windows 2003 Enterprise Server which I want to monitor and added this server to NagioxXI using the "Windows WMI Monitoring Wizard". Everything works so far (CPU, RAM, HDD, Processes and Services) except monitoring the Event Log. I checked the boxes that were predefined in the Wizard and it installs ok. But when I generate Errors in the Event Log, the service checks always state "OK - 0 event(s) of at least Severity Level "Error", were recorded in the last 1 hours from the Application,1,1 Event Log."
Is there something I do wrong?
Thanks in advance,
Benjamin
Re: HowTo monitor Event Log using WMI
Posted: Tue Jul 10, 2012 10:02 am
by yancy
BWNet,
Can you confirm the event log errors where generated in the application event log and not system or security. I believe only the events that are "Error" will trip a warning or critical on Nagios.
Regards,
Re: HowTo monitor Event Log using WMI
Posted: Wed Jul 11, 2012 1:03 am
by BWNet
Hi,
yes I have Errors in both the Application and the System Event Log:
systemError.JPG
applicationError.JPG
But the Services Monitor doesn't show any errors:
applicationMonitor.JPG
The services are configured using this command generated by the WMI Wizard:
Application: check_xi_service_wmiplus!'wmiagent'!'wmiagent'!checkeventlog!-a 'Application,2,1' -w '1'
System: check_xi_service_wmiplus!'wmiagent'!'wmiagent'!checkeventlog!-a 'System,1,1' -w '1'
Re: HowTo monitor Event Log using WMI
Posted: Wed Jul 11, 2012 9:40 am
by yancy
can you test the following from the command line:
/usr/local/nagios/libexec/check_wmi_plus.pl -H 192.168.5.99 -m checkeventlog -u administrator -p password -a system -o 2 -3 4
(replace ip address username and password with your own)
Regards,
Re: HowTo monitor Event Log using WMI
Posted: Wed Jul 11, 2012 12:01 pm
by yancy
BWNet,
I did some testing and it looks like there is an error in the default definition.
I posted some example on the FAQ:
http://support.nagios.com/wiki/index.ph ... _Log_Check
Let me know if this works for you.
Regards
Re: HowTo monitor Event Log using WMI
Posted: Wed Aug 01, 2012 7:56 am
by BWNet
Hi,
sorry for the late reply, but I was on holidays for a few weeks.
It ALMOST works now...but I just found another problem. The System has the correct system time set, but an incorrect timezone setting. This leads to the problem that Nagios thinks, an error message generated a minute ago is already 7 hours old. I installed system-config-date (using yum install system-config-date oder a ssh session) to correct that. But when I try to run system-config-date, I get the following error message:
Code: Select all
Traceback (most recent call last):
File "/usr/share/system-config-date/system-config-date.py", line 73, in <module>
useGuiMode(page)
File "/usr/share/system-config-date/system-config-date.py", line 46, in useGuiMode
import scdMainWindow
File "/usr/share/system-config-date/scdMainWindow.py", line 30, in <module>
import gtk
File "/usr/lib64/python2.6/site-packages/gtk-2.0/gtk/__init__.py", line 64, in <module>
_init()
File "/usr/lib64/python2.6/site-packages/gtk-2.0/gtk/__init__.py", line 52, in _init
_gtk.init_check()
RuntimeError: could not open display
#
Is there anything I can do to prevent that?
Thanks,
Benjamin
Re: HowTo monitor Event Log using WMI
Posted: Wed Aug 01, 2012 9:42 am
by yancy
Hi Benjamin,
The timezone issue doesn't seem related to WMI eventlog. Could you re-post your question under a new thread.
Thanks,
-Yancy