Checking Windows Eventlogs with Nagios

Steve Shipway s.shipway at auckland.ac.nz
Fri Jun 4 05:39:38 CEST 2004


>"I wonder if it is possible to monitor the Windows 2000+ Event 
>Logs with any kind of Nagios Plugin. Like sending an alarm 
>mail when Error with ID xyz occurs or something like that. 
>Could you give me a hint, which plugin I could use for that? I 
>already googled for that, but had no luck in finding an answer."

After asking a similar question here myself, I investigated a large number
of options that helpful people had suggested before settling on using
ntsyslog to relay the messages to syslog on the (Linux based) Nagios server,
and then syslog-ng which feeds the logs to a fifo which feeds into a
self-written daemon that updates passive services in Nagios.  This was the
best way since we also have logs coming from UNIX servers, and I needed to
perform a lot of pattern matching on the logs.  Also, I wanted an error
status to expire after a set amount of time.

I set ntsyslog to relay application, security and system logs as
local0,local1 and local2 respectively, and to only send warn/error messages.


On the monitored hosts, I set syslog-ng to filter local0.warn into
/var/tmp/application.fifo (and so on).

On the Syslog server, my Perl script daemon (email me if you want a copy)
runs listening on the fifos, and matches regexps before calling send_nsca to
update the Nagios host.

On the Nagios server, nsca is running to accept the passive service data
(from other services as well as from syslog).  The Nagios services are set
for the Windows hosts in 'never check, accept passive' mode.  I can send an
example if people are interested.

This might seem a bit complex, but since we need to run nsca in any case, we
may as well use it.  Also, we already have a university syslog server, so we
don't want to send logs to multiple locations (and the log parsing and
filtering can be fairly intensive from this many servers).  There's no
reason why you couldn't put the syslog-ng on your Nagios server, though.

Hope this was of interest to you all,

Steve

---
Steve Shipway: ITSS, University of Auckland
Email: s.shipway at auckland.ac.nz  Web: http://www.steveshipway.org/  
** We can only discover new oceans when we have the **
** courage to lose sight of the shore.              **
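
The matching and expiry step described in the message above, as an added example that is not part of the original post and is not the author's Perl daemon. The rule patterns, service names, expiry time and fifo line layout are assumptions; the record layout is send_nsca's default tab-delimited input.

```python
import re

# Hypothetical rules: (pattern, Nagios service description, 1=WARNING / 2=CRITICAL)
RULES = [
    (re.compile(r"disk.*(full|failure)", re.I), "EventLog-System", 2),
    (re.compile(r"logon failure", re.I), "EventLog-Security", 1),
]
EXPIRE_SECS = 3600  # assumed lifetime of an error state

# Assumed layout of lines arriving on the fifo: "Mon DD HH:MM:SS host message"
LINE = re.compile(r"^\w{3}\s+\d+\s[\d:]{8}\s(?P<host>\S+)\s(?P<msg>.*)$")


def nsca_record(host, service, code, output):
    """One passive result: host<TAB>service<TAB>return code<TAB>output."""
    # Log text comes from the monitored hosts; an embedded tab or newline
    # would split the record and could forge a result for another service.
    clean = re.sub(r"[\t\r\n]+", " ", output)[:400]
    return f"{host}\t{service}\t{code}\t{clean}\n"


class Tracker:
    def __init__(self):
        self.active = {}  # (host, service) -> time of last matching message

    def handle(self, line, now):
        """Return an NSCA record if the line matches a rule, else None."""
        m = LINE.match(line)
        if not m:
            return None
        for pattern, service, code in RULES:
            if pattern.search(m["msg"]):
                self.active[(m["host"], service)] = now
                return nsca_record(m["host"], service, code, m["msg"])
        return None

    def expire(self, now):
        """Return OK records for alerts older than EXPIRE_SECS and forget them."""
        stale = [k for k, t in self.active.items() if now - t >= EXPIRE_SECS]
        for k in stale:
            del self.active[k]
        return [nsca_record(h, s, 0, "No recent matching events") for h, s in stale]


if __name__ == "__main__":
    # Constructed sample line, not real ntsyslog output.
    t = Tracker()
    print(t.handle("Jun  4 05:39:38 winsrv01 security[failure] 529 Logon Failure: bad password", 0), end="")
    print(t.expire(EXPIRE_SECS))
```

Each returned record is what would be written to send_nsca's standard input.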