AW: Monitoring Windows Event Log from Nagios

Sand Philipp Philipp.Sand at sycor.de
Fri Sep 3 08:11:47 CEST 2004


To answer my own problem :-)
Maybe I had been blind today, but I didn't see that you could use
wildcards in the snmptt.conf.
Now I've got one entry in my snmptt.conf, sending all traps with the
Microsoft SNMP prefix to Nagios, works great and saves network
resources :)

FYI, here's the entry:
EVENT microsoft .1.3.6.1.4.1.311.* "Status Events" CRITICAL
FORMAT Eventlogmeldung: $1
EXEC /usr/local/nagios/libexec/submit_check_result $r eventlog WARNING "$1"

> 
> Hi Shane,
> 
> Sounds like a pretty interesting idea.
> Do you have to edit the snmptt.conf file by hand and add
> every Windows event you want to send to Nagios, or is there a
> MIB or something? I plan to check about a few thousand
> event types, would be a mess to add all those events I think...
> 
> Maybe you can send your snmptt.conf?
> 
> Regards,
> Philipp
> 
>         You can also monitor the Windows Event Logs by
> utilizing the built-in utility "evntwin" to select the event
> IDs you want to alert on, export it to a txt file (command in
> the utility "evntwin"), then modify the text file and add the
> following line to that file "#pragma ADD_TRAP_DEST
> CommunityName HostID", where "CommunityName" is the
> community name that your SNMP management device is looking for
> and where "HostID" is where to send the SNMP trap.  This will
> make it so whenever this event ID appears in the event log,
> an SNMP trap will be sent immediately to an SNMP management
> device in real time.
[snip...]
>         Example of an entry in the snmptt.conf file:
> 
>         EVENT landeskShutdown .1.3.6.1.4.1.311.1.13.1.20.82.101.109.111.116.101.32.67.111.110.116.114.111.108.32.65.103.101.110.116.0.5 "Status Events" CRITICAL
>
>         FORMAT Landesk Login Alert: $1 $2 $3 $4 $5
>         EXEC /usr/local/nagios/libexec/eventhandlers/submit_check_result $r Event_Logs 1 "Landesk Login Alert: $1"
>         SDESC
>         Established connection to storage system
>         --NMS trap annotation
>         Variables:
>         EDESC
> 
>         NOTE: the long number is the oid, which can be 
> obtained from the evntcmd utility when you choose the event 
> id to add.  Look at the oid, add a .0 and then add a .x where 
> x equals the "Trap specific ID"
> 
>         **********************************************
> 
>         Example:
>         Enterprise OID: 1.3.6.1.4.1.311.1.13.1.20.82.101.109.111.116.101.32.67.111.110.116.114.111.108.32.65.103.101.110.116
>         Trap specific ID: 5
>
>         OID to look for in snmptt.conf: .1.3.6.1.4.1.311.1.13.1.20.82.101.109.111.116.101.32.67.111.110.116.114.111.108.32.65.103.101.110.116.0.5
> 


This e-mail is confidential and may contain personal and/or privileged information. If you are not the intended recipient please delete this e-mail and all attachments immediately and inform us. The company sycor does not agree with contracts or contract obligations sent by e-mail, neither do we transmit legally binding offers by e-mail, unless this is not expressly agreed upon between the parties and documented in written form.
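
Added example, not part of the original thread and not SNMPTT code: a Python helper for the OID rule in the quoted note (enterprise OID, then .0, then the trap specific ID). It also decodes which event source an OID names, which helps when one wildcard EVENT entry forwards every trap under .1.3.6.1.4.1.311. The function names are hypothetical, the prefix/length/ASCII layout is inferred from the OID quoted above, and the wildcard check is a simplified model of a trailing ".*" pattern.

```python
# Layout read off the OID quoted in the thread (an assumption, not a spec):
# fixed prefix, then a length arc, then one arc per ASCII byte of the source name.
EVENTLOG_PREFIX = (1, 3, 6, 1, 4, 1, 311, 1, 13, 1)


def parse_oid(oid):
    """Turn a dotted OID (with or without a leading dot) into a tuple of ints."""
    return tuple(int(arc) for arc in oid.strip().strip(".").split("."))


def decode_event_source(enterprise_oid):
    """Return the event source name embedded in an event-log enterprise OID."""
    arcs = parse_oid(enterprise_oid)
    if arcs[:len(EVENTLOG_PREFIX)] != EVENTLOG_PREFIX:
        raise ValueError("not under the event-log trap prefix")
    rest = arcs[len(EVENTLOG_PREFIX):]
    if not rest or len(rest) != rest[0] + 1:
        raise ValueError("length arc does not match the number of name arcs")
    if any(a > 127 for a in rest[1:]):
        raise ValueError("non-ASCII arc in source name")
    return "".join(chr(a) for a in rest[1:])


def encode_event_source(source):
    """Inverse of decode_event_source: build the enterprise OID for a source."""
    data = source.encode("ascii")
    arcs = EVENTLOG_PREFIX + (len(data),) + tuple(data)
    return ".".join(str(a) for a in arcs)


def snmptt_event_oid(enterprise_oid, specific_id):
    """Enterprise OID + .0 + trap specific ID, with the leading dot used in snmptt.conf."""
    arcs = parse_oid(enterprise_oid) + (0, int(specific_id))
    return "." + ".".join(str(a) for a in arcs)


def wildcard_matches(pattern, oid):
    """Compare arc by arc, so '.311.*' does not match an OID under '.3119'."""
    arcs = parse_oid(oid)
    if pattern.endswith(".*"):
        prefix = parse_oid(pattern[:-2])
        return len(arcs) > len(prefix) and arcs[:len(prefix)] == prefix
    return arcs == parse_oid(pattern)


if __name__ == "__main__":
    ent = encode_event_source("Remote Control Agent")  # source decoded from the thread's OID
    print(decode_event_source(ent), snmptt_event_oid(ent, 5))
```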


