AW: Monitoring Windows Event Log from Nagios

Reutzel, Shane Shane.Reutzel at MemberWorks.com
Sun Aug 22 15:09:29 CEST 2004


You can also monitor the Windows Event Logs by utilizing the built-in
utility "evntwin" to select the event IDs you want to alert on, export it to
a txt file (command in the utility "evntwin"), then modify the text file and
add the following line to that file:
"#pragma ADD_TRAP_DEST CommunityName HostID", where "CommunityName" is the
community name that your SNMP management device is looking for and where
"HostID" is where to send the SNMP trap.  This will make it so whenever this
event ID appears in the event log, an SNMP trap will be sent immediately to
an SNMP management device in real time.

I then have net-snmp (snmpd, snmptrapd), snmptt (utility to interpret the
trap) and nsca / send-nsca (to send the output to Nagios).

SNMPTRAPD intercepts the trap, in which you have a traphandler that points
this to snmptthandler in the snmptrapd.conf file. 
(Looks like this:  traphandle default /usr/sbin/snmptthandler)

SNMPTTHANDLER then checks its config file for the matching OID or Trap
(snmptt.conf)

Example of an entry in the snmptt.conf file:

EVENT landeskShutdown .1.3.6.1.4.1.311.1.13.1.20.82.101.109.111.116.101.32.67.111.110.116.114.111.108.32.65.103.101.110.116.0.5 "Status Events" CRITICAL
FORMAT Landesk Login Alert: $1 $2 $3 $4 $5
EXEC /usr/local/nagios/libexec/eventhandlers/submit_check_result $r Event_Logs 1 "Landesk Login Alert: $1"
SDESC
Established connection to storage system
--NMS trap annotation
Variables:
EDESC

NOTE: the long number is the oid, which can be obtained from the evntcmd
utility when you choose the event id to add.  Look at the oid, add a .0 and
then add a .x where x equals the "Trap specific ID"

**********************************************

Example:
Enterprise OID:
1.3.6.1.4.1.311.1.13.1.20.82.101.109.111.116.101.32.67.111.110.116.114.111.108.32.65.103.101.110.116
Trap specific ID: 5

OID to look for in snmptt.conf:
.1.3.6.1.4.1.311.1.13.1.20.82.101.109.111.116.101.32.67.111.110.116.114.111.108.32.65.103.101.110.116.0.5

***********************************************

The snmptthandler interprets it and, based off the EXEC command, it sends
the output to an "eventhandler" file.

I have an eventhandler file that looks like this named
"submit_check_result":

# Arguments
#       $1 = name of host in service definition
#       $2 = name/description of service in service definition
#       $3 = return code
#       $4 = output
/bin/echo -e "$1\t$2\t$3\t$4\n" | /usr/local/nagios/bin/send_nsca -H 127.0.0.1 -c /usr/local/nagios/etc/send_nsca.cfg


You have to have the following Daemons run with these options:

SNMPD: -s -l /dev/null -P /var/run/snmpd -a
SNMPTRAPD: -u /var/run/snmptrapd.pid -o /var/log/snmptrapd.log -Dsnmptrapd -On

References: 
SNMPD: net-snmp.org
SNMPTT: snmptt.org
EVNTCMD: http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/evntcmd.mspx
NSCA / SEND-NSCA: nagios.org

This is a longer way to go about it, but it works in real-time and works
pretty slick.

-Shane
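
Added example, not part of the original message: the NOTE above builds the snmptt.conf OID as enterprise OID + ".0" + trap specific ID. This shell script does that and also decodes the tail of the enterprise OID, which in the message's example is a length (20) followed by the ASCII codes of the event source name ("Remote Control Agent"), so an snmptt.conf entry can be checked against the event source it is meant for. The function names are hypothetical.

```shell
#!/bin/sh
# Added example; function names are hypothetical, OID values are from the page.
EVNT_PREFIX="1.3.6.1.4.1.311.1.13.1"

# OID snmptt matches on: enterprise OID, then ".0.", then the trap specific ID.
snmptt_event_oid() {
    ent=${1#.}
    case "$ent" in ''|*[!0-9.]*) return 1 ;; esac
    case "$2" in ''|*[!0-9]*) return 1 ;; esac
    printf '.%s.0.%s\n' "$ent" "$2"
}

# Decode the event source name: after EVNT_PREFIX comes a length, then that
# many printable-ASCII codes. Returns 1 if the OID does not fit that shape.
evntwin_source_name() {
    ent=${1#.}
    case "$ent" in *[!0-9.]*) return 1 ;; esac
    case "$ent" in "$EVNT_PREFIX".*) ;; *) return 1 ;; esac
    tail=${ent#"$EVNT_PREFIX".}
    len=${tail%%.*}
    name="" count=0
    # Split the remaining components on dots into the positional parameters.
    old_ifs=$IFS; IFS=.
    set -- ${tail#*.}
    IFS=$old_ifs
    for c in "$@"; do
        [ "$c" -ge 32 ] && [ "$c" -le 126 ] || return 1
        # Decimal code -> octal escape -> character.
        name="$name$(printf "\\$(printf '%03o' "$c")")"
        count=$((count + 1))
    done
    [ "$count" -eq "$len" ] || return 1
    printf '%s\n' "$name"
}

# Enterprise OID and trap specific ID from the message's example.
ENT="1.3.6.1.4.1.311.1.13.1.20.82.101.109.111.116.101.32.67.111.110.116.114.111.108.32.65.103.101.110.116"
snmptt_event_oid "$ENT" 5
evntwin_source_name "$ENT"
```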
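
Added example, not from the original message: a stricter variant of the submit_check_result handler shown above. send_nsca reads one tab-delimited check result per line and the output field carries event text from the monitored host, so this version rejects return codes outside 0-3, replaces tabs, newlines and carriage returns in each field, and uses printf '%s' so backslash sequences in the data are not expanded the way "echo -e" expands them. nsca_line and clean_field are hypothetical helper names; the paths are the ones from the message.

```shell
#!/bin/sh
# Added example: stricter variant of the page's submit_check_result.
# nsca_line and clean_field are hypothetical names; paths are from the page.

# Replace tab, newline and carriage return with spaces so one trap
# always yields exactly one tab-delimited line.
clean_field() {
    printf '%s' "$1" | tr '\t\n\r' '   '
}

# Arguments, in the same order as the page's script:
#   $1 = host, $2 = service description, $3 = return code, $4 = output
nsca_line() {
    # Nagios return codes are 0 (OK), 1 (WARNING), 2 (CRITICAL), 3 (UNKNOWN).
    case "$3" in 0|1|2|3) ;; *) return 1 ;; esac
    [ -n "$1" ] && [ -n "$2" ] || return 1
    # %s prints the data as-is; backslash sequences in it are not expanded.
    printf '%s\t%s\t%s\t%s\n' "$(clean_field "$1")" "$(clean_field "$2")" \
        "$3" "$(clean_field "$4")"
}

# Only submit when called with the four arguments the EXEC line passes.
if [ "$#" -eq 4 ]; then
    nsca_line "$@" | /usr/local/nagios/bin/send_nsca -H 127.0.0.1 \
        -c /usr/local/nagios/etc/send_nsca.cfg
fi
```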

-----Original Message-----
From: nagios-users-admin at lists.sourceforge.net
[mailto:nagios-users-admin at lists.sourceforge.net]On Behalf Of Greg King
Sent: Sunday, August 22, 2004 12:55 AM
To: nagios-users at lists.sourceforge.net
Subject: [Nagios-users] RE: AW: Monitoring Windows Event Log from Nagios


Hi list,

Environment: RH9, Nagios 1.2 from DAG RPMs.

I have installed the windows event monitor of Naplax and it works fine from
the command line as either the Nagios user or root, but when I try it as a
Nagios service, I get service critical with "no output!". I have added the
"-w" option to the perl command line and cleaned up some minor warning
messages, but it still refuses to work inside Nagios, but runs fine on the
command line.  I suspect this is the embedded perl working differently from
"normal" perl. 

Is there a way to "turn off" embedded perl without recompiling Nagios?
How would one go about debugging the embedded perl?

Regards,
Greg King 
-----------------------
From: Schaffranneck, Sven (K-DOI-5/4) <sven at vo...>
 AW: Monitoring Windows Event Log from Nagios   
2004-05-11 23:27  
 Hi Steve,
 
 > Does anyone out there have a method to monitor the Windows 
 > Event log using
 > Nagios?
 
 have a look at http://naplax.sourceforge.net/check_win_eventlog.html for
 NAPLAX and its Windows Eventlog Addon.
 
 Poorly it doesn't support the embedded Perl Nagios and the author doesn't
 know how to change the perl-script to work with ePN. Maybe anyone else want
 this!? :-)
 
 Greets Sven

 



