Windows Eventlog Addon/Plugin published

Russell Adams RLAdams at Kelsey-Seybold.com
Fri Jul 11 21:16:57 CEST 2003


I monitor Windows servers for similar conditions.

However, I use Event Reporter on Windows to forward the Event Log to a
Linux syslog server running syslog-ng. I then use Logmuncher to report
on the contents of the logs at 5 minute intervals.

I find this much easier and more comprehensive than trying to detect logs
with Netsaint/Nagios. It would be trivial to modify the setup to send
passive alerts to Nagios upon receiving a critical message.

Russell

On Fri, Jul 11, 2003 at 02:32:59PM -0300, Rainer wrote:
> Hello Martin,
> 
> That's a very interesting idea.
> I was reading the plugin examples on your site, and I think I can use it
> for an idea I had the other day.
> I want to monitor the 'Application' Eventlog using your plugin, and have
> Nagios send me a notification when it finds an 'Error' type log from
> Norton Antivirus stating it has found a virus.
> The 'Event Source' is "Norton AntiVirus" and the 'Event ID' is "5".
> The 'Description' is usually something like this:
> "Virus Found!Virus name: W32.Klez.gen at mm in File C:\somedir\somefile.exe
> by: Realtime Protection scan. Action: Clean failed : Quarantine succeeded
> : Access denied".
> I want the plugin to send me the event description as its $OUTPUT$.
> My question is: how does your plugin keep track of which event logs were
> detected? I mean, if the plugin finds an error event such as the one above
> and sends me a notification, will it resend the notification the next time
> the plugin is run (ex. 20 minutes later)? I want it to send the
> notification only the first time the event log is detected.
> Could this be done?
> 
> Best regards,
> Rainer Alves
> Unisys Brazil
> 
> > Hi,
> >
> > we have just released our first public version of a Windows Eventlog Plugin
> > for Nagios.
> > Details can be found on
> >
> > http://naplax.sourceforge.net
> >
> > This addon allows Nagios to monitor Windows EventLogs by querying an agent
> > installed on the Windows machine (the agent is part of this package.) While
> > by default every event is notified by Nagios, extensive filtering can be
> > defined through various parameters. You can do "anything but XY" or
> > "nothing but XY" notifications or some strange things between these two.
> >
> > Martin Schmitz
> > net&works Netzwerke und Service GmbH
> > Luetzerodestrasse 12
> > D-30161 Hannover, Germany
> >
> > PGP fingerprint: 225E A59C C08A 9ED5 9003  01A1 399B BFE0 6450 CA40
> >
> > *** Visit us on the web: http://www.naw.de !!! ***
> >
> 
> 
> 
> -------------------------------------------------------
> This SF.Net email sponsored by: Parasoft
> Error proof Web apps, automate testing & more.
> Download & eval WebKing and get a free book.
> www.parasoft.com/bulletproofapps1
> _______________________________________________
> Nagios-users mailing list
> Nagios-users at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/nagios-users
> ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
> ::: Messages without supporting info will risk being sent to /dev/null
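
One way to combine the two ideas in this thread, turning forwarded Event Log lines into Nagios passive results while reporting each virus event only once (an added example, not code from this thread, from the naplax plugin or from Logmuncher). The syslog line layout, the host name `winsrv01` and the service name `NAV Virus Alert` are assumptions; the output uses Nagios's `PROCESS_SERVICE_CHECK_RESULT` external command format.

```python
import hashlib
import re

# Assumed layout of a forwarded event (constructed; real forwarder output may differ):
#   <syslog timestamp> <host> <source>[<event id>]: <type>: <description>
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>[\w.-]+) "
    r"(?P<source>[^\[]+)\[(?P<event_id>\d+)\]: (?P<type>\w+): (?P<desc>.*)$"
)

SAMPLE_LOG = [  # constructed sample lines
    r"Jul 11 14:02:11 winsrv01 Norton AntiVirus[5]: Error: Virus Found!Virus name: "
    r"W32.Klez.gen at mm in File C:\somedir\somefile.exe by: Realtime Protection scan.",
    "Jul 11 14:03:40 winsrv01 Service Control Manager[7036]: Information: Service started.",
]


def passive_results(lines, seen, now, service="NAV Virus Alert"):
    """Return Nagios external commands for virus events not already in `seen`.

    `seen` is a set of event digests; persist it between runs (e.g. to a file)
    so that re-reading the same log window does not re-notify.
    """
    commands = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["source"] != "Norton AntiVirus" or m["event_id"] != "5":
            continue
        if m["type"] != "Error":
            continue
        digest = hashlib.sha256(line.encode("utf-8")).hexdigest()
        if digest in seen:  # already reported on an earlier run
            continue
        seen.add(digest)
        # ';' separates command fields, '|' starts perfdata and a newline ends
        # the command, so strip them from text an infected file name controls.
        desc = re.sub(r"[;|\r\n]", " ", m["desc"])
        commands.append(  # return code 2 = CRITICAL
            f"[{now}] PROCESS_SERVICE_CHECK_RESULT;{m['host']};{service};2;{desc}"
        )
    return commands
```

Each returned string is one line to write to Nagios's external command file; two byte-identical log lines count as the same event, which is what suppresses the repeat when a later run re-reads the same window.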

