Window event viewer

Peter Edmonds pedmonds.nagios at boursedata.com.au
Tue Mar 2 23:03:22 CET 2004


Hi Rudy,
Assuming that the events you want to monitor are logged in the Event Log (for
your Windows boxes), you could centralise your Windows event logs using the
Eventlog to Syslog Utility from

https://engineering.purdue.edu/ECN/Resources/Documents/UNIX/evtsys/

and the logsurfer plugin from

http://naplax.sourceforge.net/check_logsurfer.html

in conjunction with logsurfer from

http://www.cert.dfn.de/eng/logsurf/

These 3 utils are easy to set up and make the task of monitoring Windows
Event Logs much simpler. The check_logsurfer plugin allows you to specify
regular expressions to check for, so you can tune the plugin to respond to a
particular event log message.

Pushing your logs out to a central Linux box is a better solution - you can
analyse the logs more easily using Perl or whatever.

Peter Edmonds





  -----Original Message-----
  From: nagios-users-admin at lists.sourceforge.net
[mailto:nagios-users-admin at lists.sourceforge.net]On Behalf Of Darren
Harrison
  Sent: Wednesday, March 03, 2004 7:48 AM
  To: Rudy Montemayor
  Cc: nagios-users at lists.sourceforge.net
  Subject: [Nagios-users] Re: Window event viewer



  Hi Rudy,
  The agent seems to keep track of when it last reported the error, so it
should only respond to errors that are new since the agent was last called.
Unfortunately this gets reset when the computer is restarted.
  The one thing you are probably looking for is that the service needs to be
set to be volatile. Then the error gets reset on the next call.

  I'm sorry I can't help you with your last issue, I haven't had this happen
a lot.

  Darren.

  "Rudy Montemayor" <RMontemayor at huntoil.com> wrote on 03/03/2004 09:04:39
a.m.:

  > Darren,
  >
  > Thanks for the information. I was able to install the agent on 2 Win
  > systems; however I have some questions and welcome anybody that can
  > help me out.
  >
  >
  > 1) What does this agent do exactly? From what I can tell of the
  > operation, it seems that it looks at the whole log and lets you know
  > how many errors there are and when the last one occurred. Then it
  > may be "EventLog OK" and then back to reporting the errors again. It
  > doesn't keep track of what errors it already reported on; it's
  > basically all or nothing.
  >
  > 2) I asked the Windows folks here about the logs and they mentioned
  > that they just let the log roll-over. So that means that once there
  > is an error the agent will continue to flag that error until that
  > particular entry is rolled-over or one manually clears the log;
  > which is the behavior that I'm seeing now.
  >
  > 3) There also appears to be some problem with "(Service Check Timed
  > Out)" and I do not know why this is happening.
  >
  > Any help will be appreciated.
  >
  > Rudy
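
Added example, not part of the original thread and not code from evtsys, logsurfer or check_logsurfer: a Nagios-style check over a central syslog file of forwarded Windows events that matches regular expressions but reports only lines appended since the previous run, keeping its position in a state file on disk so that a restart or a log roll-over does not replay old errors. The function name, the state file layout and the sample log line are assumptions made for illustration.

```python
import json, os, re, tempfile

OK, CRITICAL = 0, 2  # Nagios plugin exit codes

def check_new_events(log_path, state_path, patterns):
    """Scan only lines appended since the previous run; return (code, text)."""
    try:
        with open(state_path) as fh:
            state = json.load(fh)
    except (OSError, ValueError):
        state = {"inode": None, "offset": 0}  # first run or unreadable state

    st = os.stat(log_path)
    # Rotated or truncated log: the saved offset no longer applies.
    if state["inode"] != st.st_ino or st.st_size < state["offset"]:
        state = {"inode": st.st_ino, "offset": 0}

    regexes = [re.compile(p) for p in patterns]
    hits = []
    with open(log_path, "rb") as fh:
        fh.seek(state["offset"])
        for raw in fh:
            if not raw.endswith(b"\n"):
                break  # partial line still being written: re-read next run
            state["offset"] += len(raw)
            line = raw.decode("utf-8", "replace").rstrip()
            if any(r.search(line) for r in regexes):
                hits.append(line)

    # Write state atomically so a crash cannot leave a half-written file.
    tmp = state_path + ".tmp"
    with open(tmp, "w") as fh:
        json.dump(state, fh)
    os.replace(tmp, state_path)

    if hits:
        # Log text is untrusted: "|" would start perfdata in plugin output.
        last = hits[-1].replace("|", " ")[:200]
        return CRITICAL, "CRITICAL - %d new event(s), last: %s" % (len(hits), last)
    return OK, "OK - no new matching events"

if __name__ == "__main__":
    d = tempfile.mkdtemp()
    log, state = os.path.join(d, "windows.log"), os.path.join(d, "state.json")
    # Constructed sample line; the real forwarded format depends on your setup.
    with open(log, "w") as fh:
        fh.write("Mar  2 23:01:10 winbox1 EventLog: Error: disk failure on C:\n")
    print(check_new_events(log, state, [r"EventLog: Error"]))  # new event
    print(check_new_events(log, state, [r"EventLog: Error"]))  # already reported
```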


