NC_Net. EventLog. Receiving error codes. Could I receive more info from the EventLog?

Anthony Montibello amontibello at gmail.com
Thu Oct 4 20:06:51 CEST 2007


Hi,

 WMI should solve this problem for you.

Just some notes related to this issue,

First off, make sure you're using the current version of NC_Net 4.1a and you
would have access to a more optimized event log check called "eventlog_new".
The original eventlog searched the logs from the wrong end, and thus takes a
long time on large logs; this new version, aside from using different syntax,
checks from the most recent event first.

The output is the same, thus it does not give what you are looking for.
(But it may be more optimized than the WMI; you would need to test this.) If
it is a quicker test, I recommend using it and setting up event handlers or
manually running check_nt using WMI to get the file name. Note this assumes
that you normally do not get an alert, so you would want the checking to
induce the least load.

If you know the names of the files you can set up separate checks using the
REGEXP of the EVENTLOG_NEW and this would serve as a workaround.

If you're looking for the files being modified, FILEAGE may be a good
workaround.

You should be able to set up an event handler that takes the EVENTID reported
by the EVENTLOG check and runs a WMICAT, querying the WMI (Windows Management
Interface) for the Event Log Message.
CLASS - CIMV2 Win32_NTLogEvent - has the events and the messages in it.
Writing a query to it may be tricky, but if you need the file name from the
Message field this is the way to get it without writing new scripts, or
paying for upgrades.

Or just run WMI checks directly and use wrapper scripts to interpret the
results.
Please note on this: if a query has no match there may be a NO OUTPUT error.


Good Luck.

Tony (author of NC_Net)


On 10/4/07, Florencio Cano <florencio.cano at gmail.com> wrote:
>
> Hello,
> Thanks to Hugo's and Roger's help I've been able to check Windows 2003
> EventLog from the Nagios server. My idea is to audit access to some
> objects in the Windows 2003 machine as for example, a confidential
> document. And I want to see an alert in Nagios when I receive this
> information from the Windows EventLog Plugin (check_nt -v EVENTLOG).
> But, now, I'm receiving only the error codes and I want to receive
> more info detailed in the EventLog as for example the object name
> (filename in my case). Is this possible?
>
> And I wanted to say that I'm using NC_Net in a Spanish Windows 2003
> installation and it seems to run OK.
> --
> Florencio Cano Gabarda
>
> _______________________________________________
> Nagios-users mailing list
> Nagios-users at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/nagios-users
> ::: Please include Nagios version, plugin version (-v) and OS when
> reporting any issue.
> ::: Messages without supporting info will risk being sent to /dev/null
>
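As an added illustration of the wrapper-script approach described in the reply (this is not NC_Net or check_nt code, and the -EventId, -LogName and -Pattern parameters are assumptions the operator supplies), the following PowerShell script queries the Win32_NTLogEvent class via WMI, pulls the Message field of matching events so the file name can be reported, and always prints a result line so an empty match does not turn into a NO OUTPUT error:

```powershell
# Added example, not part of NC_Net or check_nt. Queries Win32_NTLogEvent for
# a given EventID and reports the Message text in Nagios plugin format.
# -EventId, -LogName, -Pattern and -Minutes are assumed inputs from the operator.
param(
    [Parameter(Mandatory = $true)][int]$EventId,
    [string]$LogName = 'Security',
    [string]$ComputerName = '.',
    [int]$Minutes = 5,
    [string]$Pattern = '.*'    # regex applied to the Message field, e.g. a file name
)

# TimeGenerated is stored in DMTF format; convert the window start to match.
$since = [System.Management.ManagementDateTimeConverter]::ToDmtfDateTime(
    (Get-Date).AddMinutes(-$Minutes))

$query = "SELECT TimeGenerated, EventCode, Message FROM Win32_NTLogEvent " +
         "WHERE Logfile = '$LogName' AND EventCode = $EventId " +
         "AND TimeGenerated >= '$since'"

try {
    $events = @(Get-WmiObject -ComputerName $ComputerName -Query $query -ErrorAction Stop)
} catch {
    Write-Output "UNKNOWN - WMI query failed: $($_.Exception.Message)"
    exit 3
}

# Keep only events whose Message matches the pattern (Message may be $null).
$hits = @($events | Where-Object { $_.Message -and $_.Message -match $Pattern })

# Always emit a line: a query with no match must not produce empty output.
if ($hits.Count -eq 0) {
    Write-Output "OK - no event $EventId in $LogName in the last $Minutes min"
    exit 0
}

# Report the newest match, collapsing the multi-line Message to one line.
$newest = $hits | Sort-Object TimeGenerated -Descending | Select-Object -First 1
$summary = ($newest.Message -replace '\s+', ' ').Trim()
if ($summary.Length -gt 200) { $summary = $summary.Substring(0, 200) + '...' }
Write-Output "CRITICAL - $($hits.Count) event(s) $EventId in $LogName; newest: $summary"
exit 2
```

Run it from the Nagios side as a wrapper, or from an event handler triggered by the EVENTLOG check, passing the EventID that check reported.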