AW: Monitoring Windows Event Log from Nagios

Sand Philipp Philipp.Sand at sycor.de
Thu Sep 2 10:21:40 CEST 2004


Hi Shane,

Sounds like a pretty interesting idea.
Do you have to edit the snmptt.conf file by hand and add every windows
event you want to send to nagios, or is there a MIB or someting? I plan
to check about a few thousand Eventtypes, would be a mess to add all
those events I think...

Maybe you can send your snmptt.conf?

Regards,
Philipp




________________________________

        From: nagios-users-admin at lists.sourceforge.net
[mailto:nagios-users-admin at lists.sourceforge.net] On Behalf Of Reutzel,
Shane
        Sent: Sunday, August 22, 2004 3:09 PM
        To: 'wgking at cips.ca'; nagios-users at lists.sourceforge.net
        Subject: RE: [Nagios-users] RE: AW: Monitoring Windows Event Log
from Nagios
       
       

        You can also monitor the Windows Event Logs by utilizing the
built-in utility "evntwin" to select the event IDs you want to alert on,
export it to a txt file (command in the utility "evntwin"), then modify
the text file and add the following line to that file "#pragma
ADD_TRAP_DEST CommunityName HostID", wherer "CommunityName" is the
community name that you snmp management device is looking for and where
"HostID" is where to send the SNMP trap.  This will make it so when ever
this event id appears in the event log, a SNMP trap will be sent
immediately to a SNMP management device in real time.

        I then have net-snmp (snmpd, snmptrapd), snmptt (utilty to
interperet the trap) and nsca / send-nsca (To send the output to
Nagios).

        SNMPTRAPD intercepts the trap, in which you have a traphandler
that points this to snmptthandler in the snmptrapd.conf file.

        (Looks like this:  traphandle default /usr/sbin/snmptthandler)

        SNMPTTHANDLER then checks it's config file for the matching OID
or Trap (snmptt.conf)

        Example of an entry in the snmptt.conf file:

        EVENT landeskShutdown
.1.3.6.1.4.1.311.1.13.1.20.82.101.109.111.116.101.32.67.111.110.116.114.
111.108.32.65.103.101.110.116.0.5 "Status Events" CRITICAL

        FORMAT Landesk Login Alert: $1 $2 $3 $4 $5
        EXEC /usr/local/nagios/libexec/eventhandlers/submit_check_result
$r Event_Logs 1 "Landesk Login Alert: $1"
        SDESC
        Established connection to storage system
        --NMS trap annotation
        Variables:
        EDESC

        NOTE: the long number is the oid, which can be obtained from the
evntcmd utility when you choose the event id to add.  Look at the oid,
add a .0 and then add a .x where x equals the "Trap specific ID"

        **********************************************

        Example:
        Enterprise OID:
1.3.6.1.4.1.311.1.13.1.20.82.101.109.111.116.101.32.67.111.110.116.114.1
11.108.32.65.103.101.110.116
        Trap specific ID: 5

        OID to look for in snmptt.conf:
.1.3.6.1.4.1.311.1.13.1.20.82.101.109.111.116.101.32.67.111.110.116.114.
111.108.32.65.103.101.110.116.0.5

        ***********************************************

        The snmptthandler interperets it and based off the EXEC command,
it sends the output to an "eventhandler" file.

        I have an eventhandler file that looks like this named
"submit_check_result":

        # Arguments
        #       $1 = name of host in service definition
        #       $2 = name/description of service in service definition
        #       $3 = return code
        #       $4 = output
        /bin/echo -e "$1\t$2\t$3\t$4\n" |
/usr/local/nagios/bin/send_nsca -H 127.0.0.1 -c
/usr/local/nagios/etc/send_nsca.cfg


        You have to have the following Daemons run with these options:

        SNMPD: -s -l /dev/null -P /var/run/snmpd -a
        SNMPTRAPD: -u /var/run/snmptrapd.pid  -o /var/log/snmptrapd.log
-Dsnmptrapd -On

        References:
        SNMPD: net-snmp.org
        SNMPTT: snmptt.org
        EVNTCMD:
http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs
/en-us/evntcmd.mspx
        NSCA / SEND-NSCA: nagios.org

        This is a longer way to go about it, but it works in real-time
and works pretty slick.

        -Shane

        -----Original Message-----
        From: nagios-users-admin at lists.sourceforge.net
        [mailto:nagios-users-admin at lists.sourceforge.net]On Behalf Of
Greg King
        Sent: Sunday, August 22, 2004 12:55 AM
        To: nagios-users at lists.sourceforge.net
        Subject: [Nagios-users] RE: AW: Monitoring Windows Event Log
from Nagios


        Hi list,

        Environment: RH9, Nagios 1.2 from DAG RPMs.

        I have installed the windows event monitor of Naplax and it
works fine from the command line as either the Nagios user or root, but
when I try it as a Nagios service, I get service critical with "no
output!". I have added the "-w" option to the perl command line and
cleaned up some minor warning messages, but it still refuses to work
inside Nagios, but runs fine on the command line.  I suspect this is the
embedded perl working differently from "normal" perl.

        Is there a way to "turn off" embedded perl without recompiling
Nagios?
        How would one go about debugging the embedded perl?

        Regards,
        Greg King
        -----------------------
        From: Schaffranneck, Sven (K-DOI-5/4) <sven at vo...>
         AW: Monitoring Windows Event Log from Nagios  
        2004-05-11 23:27 
         Hi Steve,
         
         > Does anyone out there have a method to monitor the Windows
         > Event log using
         > Nagios?
         
         have a look at
http://naplax.sourceforge.net/check_win_eventlog.html for
         NAPLAX and it"s Windows Eventlog Addon.
         
         Poorly it doesn"t support the embedded Perl Nagios and the
author doesn"t
         know how to change the perl-script to work with ePN. Maybe
anyone else want
         this!? :-)
         
         Greets Sven

       


        -------------------------------------------------------
        SF.Net email is sponsored by Shop4tech.com-Lowest price on Blank
Media
        100pk Sonic DVD-R 4x for only $29 -100pk Sonic DVD+R for only
$33
        Save 50% off Retail on Ink & Toner - Free Shipping and Free
Gift.
        http://www.shop4tech.com/z/Inkjet_Cartridges/9_108_r285
        _______________________________________________
        Nagios-users mailing list
        Nagios-users at lists.sourceforge.net
        https://lists.sourceforge.net/lists/listinfo/nagios-users
        ::: Please include Nagios version, plugin version (-v) and OS
when reporting any issue.
        ::: Messages without supporting info will risk being sent to
/dev/null





************************************************

sycor plastics - die neue Branchenlösung für die Kunststoffindustrie

www.sycor-plastics.de

************************************************




Diese E-Mail ist vertraulich und kann darüber hinaus persönliche Informationen beinhalten. Wenn Sie nicht der bestimmungsgemäße Empfänger sind, löschen Sie bitte die E-Mail und deren Anhänge sofort und benachrichtigen Sie uns darüber. Die Firma sycor willigt in keine Verträge oder vertragliche Verpflichtungen ein oder übermittelt rechtsverbindliche Angebote, die in Form von E-Mail versandt werden, sofern dies nicht ausdrücklich in schriftlicher Form zwischen den Parteien vereinbart wurde.

This e-mail is confidential and may contain personal and/or privileged information. If you are not the intended recipient please delete this e-mail and all attachments immediately and inform us. The company sycor does not agree with contracts or contract obligations sent by e-mail, neither do we transmit legally binding offers by e-mail, unless this is not expressly agreed upon between the parties and documented in written form.



-------------------------------------------------------
This SF.Net email is sponsored by BEA Weblogic Workshop
FREE Java Enterprise J2EE developer tools!
Get your free copy of BEA WebLogic Workshop 8.1 today.
http://ads.osdn.com/?ad_idP47&alloc_id808&op=click
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
::: Messages without supporting info will risk being sent to /dev/null





More information about the Users mailing list