Windows Eventlog Addon/Plugin published

Andy andy at droidmcse.com
Mon Jul 14 16:03:39 CEST 2003


I might be wrong on this, but I'm pretty sure that dumpel dumps the
whole log for the day. You can't break it down into smaller increments -
or the way the checklog2.pl script works by marking where it left off.

I like your method but wouldn't that cause a huge load later in the day as
the logs fill up more and more?

>
> Interesting seeing how other people monitor windows event logs with
> nagios.
> I use the dumpel.exe (dump event log) tool that comes with the windows
> nt resource kit, I just dump the application, system & security logs
> from all windows servers to a samba share on the nagios machine. Logs
> can be dumped to comma or tab separated files. Then I just use awk/sh
> scripts to scan the logs and report on events. Handy to awk in html &
> <table> tags so they can be linked to & displayed in html.
> I like this way as it saves having a client on the windows machines. I
> just run a batch file every few mins off one of the windows servers &
> that dumps the logs off all of them.
>
> Anyone know what happened to NSClientEVL? Or got any other ways of doing
> this?
> Cheers
> Dave.
>
>
>
> -----Original Message-----
> From: nagios-users-admin at lists.sourceforge.net
> [mailto:nagios-users-admin at lists.sourceforge.net] On Behalf Of Russell
> Adams
> Sent: 11 July 2003 20:17
> To: nagios-users at lists.sourceforge.net
> Subject: Re: [Nagios-users] Re: Windows Eventlog Addon/Plugin published
>
> I monitor Windows servers for similar conditions.
>
> However, I use Event Reporter on Windows to forward the Event Log to a
> linux syslog server running syslog-ng. I then use Logmuncher to report
> on the contents of the logs at 5 minute intervals.
>
> I find this much easier and more comprehensive than trying to detect logs
> with Netsaint/Nagios. It would be trivial to modify the setup to send
> passive alerts to Nagios upon receiving a critical message.
>
> Russell
>
> On Fri, Jul 11, 2003 at 02:32:59PM -0300, Rainer wrote:
>> Hello Martin,
>>
>> That's a very interesting idea.
>> I was reading the plugin examples on your site, and I think I can use it
>> for an idea I had the other day.
>> I want to monitor the 'Application' Eventlog using your plugin, and have
>> Nagios send me a notification when it finds an 'Error' type log from
>> Norton Antivirus stating it has found a virus.
>> The 'Event Source' is "Norton AntiVirus" and the 'Event ID' is "5".
>> The 'Description' is usually something like this:
>> "Virus Found!Virus name: W32.Klez.gen at mm in File C:\somedir\somefile.exe
>> by: Realtime Protection scan. Action: Clean failed : Quarantine succeeded
>> : Access denied".
>> I want the plugin to send me the event description as its $OUTPUT$.
>> My question is: how does your plugin keep track of which event logs were
>> detected? I mean, if the plugin finds an error event such as the one above
>> and sends me a notification, will it resend the notification the next time
>> the plugin is run (ex. 20 minutes later)? I want it to send the
>> notification only the first time the event log is detected.
>> Could this be done?
>>
>> Best regards,
>> Rainer Alves
>> Unisys Brazil
>>
>> > Hi,
>> >
>> > we have just released our first public version of a Windows Eventlog
>> > Plugin for Nagios.
>> > Details can be found on
>> >
>> > http://naplax.sourceforge.net
>> >
>> > This addon allows Nagios to monitor Windows EventLogs by querying an agent
>> > installed on the Windows machine (the agent is part of this package.)
>> > While by default every event is notified by Nagios, extensive filtering
>> > can be defined through various parameters. You can do "anything but XY"
>> > or "nothing but XY" notifications or some strange things between these two.
>> >
>> > Martin Schmitz
>> > net&works Netzwerke und Service GmbH
>> > Luetzerodestrasse 12
>> > D-30161 Hannover, Germany
>> >
>> > PGP fingerprint: 225E A59C C08A 9ED5 9003  01A1 399B BFE0 6450 CA40
>> >
>> > *** Visit us on the web: http://www.naw.de !!! ***
>> >
>>
>>
>>



-------------------------------------------------------
This SF.Net email sponsored by: Parasoft
Error proof Web apps, automate testing & more.
Download & eval WebKing and get a free book.
www.parasoft.com/bulletproofapps1
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
::: Messages without supporting info will risk being sent to /dev/null
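
The "mark where it left off" and "notify only the first time" ideas raised in this thread, as an added Python example that is not code from any poster or from the tools named above: it scans a tab-separated dump, keeps a state file of events already reported, and returns a Nagios exit code and output line. The column order, the sample rows and the function names are assumptions made for the example.

```python
import json
import os

# Assumed tab-separated column order (constructed for this example, not
# taken from dumpel documentation); change it to match the real dump.
FIELDS = ["date", "time", "type", "category", "event_id",
          "source", "user", "computer", "description"]

# Constructed sample dump, using the event described earlier in the thread.
SAMPLE = (
    "7/14/2003\t9:01:12 AM\t1\t0\t5\tNorton AntiVirus\tN/A\tSRV01\t"
    "Virus Found!Virus name: W32.Klez.gen@mm in File C:\\somedir\\somefile.exe\n"
    "7/14/2003\t9:05:40 AM\t4\t0\t1000\tSomeApp\tN/A\tSRV01\tService started\n"
)

def new_matches(dump_text, state_path, source, event_id):
    """Return matching events that no earlier run reported; update state."""
    try:
        with open(state_path) as fh:
            seen = set(json.load(fh))
    except (FileNotFoundError, ValueError):
        seen = set()  # first run or unreadable state: everything is new
    current, fresh = set(), []
    for line in dump_text.splitlines():
        row = line.split("\t", len(FIELDS) - 1)  # extra tabs stay in description
        if len(row) < len(FIELDS):
            continue  # truncated or malformed line
        ev = dict(zip(FIELDS, row))
        if ev["source"] != source or ev["event_id"] != str(event_id):
            continue
        key = "\x1f".join(row)
        if key not in seen and key not in current:
            fresh.append(ev)
        current.add(key)
    # Store only keys still present in the dump, so state shrinks when the log is cleared.
    tmp = state_path + ".tmp"
    with open(tmp, "w") as fh:
        json.dump(sorted(current), fh)
    os.replace(tmp, state_path)  # atomic swap: a crash never leaves half a state file
    return fresh

def nagios_result(fresh):
    """Map new events to a Nagios plugin (exit code, single output line)."""
    if not fresh:
        return 0, "OK - no new matching events"
    # Event text comes from the monitored host: drop '|' (perfdata separator) and newlines.
    text = fresh[-1]["description"].replace("|", "/").replace("\n", " ")
    return 2, "CRITICAL - %d new event(s) on %s: %s" % (
        len(fresh), fresh[-1]["computer"], text)
```

Because the whole dump is re-read on every run, the cost still grows with the log during the day; the state file only guarantees that each event raises one notification.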




