NC_Net. EventLog. Receiving error codes. Could I receive more info from the EventLog?

Anthony Montibello amontibello at gmail.com
Fri Oct 5 18:28:04 CEST 2007


Just to clarify,

Eventlog_new should be a cleaner command line, and should cut down on the time
to complete.

It will NOT return the Message field of the events!

Tony (Author of NC_Net)


On 10/5/07, Florencio Cano <florencio.cano at gmail.com> wrote:
>
> Thanks. You gave me some valuable points to continue my work. I was not
> using the last version of NC_Net. I will try EVENTLOG_NEW and I will
> try to implement any of the solutions that you have commented. I will
> post any result I get.
>
> 2007/10/4, Anthony Montibello <amontibello at gmail.com>:
>
> > WMI should solve this problem for you.
> >
> > First off, make sure you're using the current version of NC_Net, 4.1a, and
> > you would have access to a more optimized event log check called
> > "eventlog_new".
> >
> > The output is the same, thus it does not give what you are looking for
> > (but it may be more optimized than the WMI. You would need to test this.)
> > If it is a quicker test, I recommend using it and setting up event handlers
> > or manually running check_nt using WMI to get the file name. Note this
> > assumes that you normally do not get an alert, so you would want the
> > checking to induce the least load.
> >
> > If you know the names of the files you can set up separate checks using the
> > REGEXP of the EVENTLOG_NEW and this would serve as a workaround.
> >
> > If you're looking for the files being modified, FILEAGE may be a good
> > workaround.
> >
> > You should be able to set up an event handler that takes the EVENTID
> > reported by the EVENTLOG check and runs a WMICAT, querying the WMI (Windows
> > Management interface) for the Event Log Message.
> > CLASS - CIMV2 Win32_NTLogEvent - has the events and the messages in it.
> > Writing a query to it may be tricky, but if you need the file name from the
> > Message field this is the way to get it without writing new scripts, or
> > paying for upgrades.
> >
> > Or just run WMI checks directly and use wrapper scripts to interpret the
> > results.
> > Please note on this: if a query has no match there may be a NO OUTPUT error.
>
> --
> Florencio Cano Gabarda
>
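
The wrapper-script idea from the quoted message (take the event ID reported by the EVENTLOG check, query Win32_NTLogEvent in CIMV2 for the Message field, and cope with a query that matches nothing), as an added PowerShell example that is not part of the thread or of NC_Net. The parameter names, the 15-minute window and the "Object Name:" pattern used to pull a file name out of the message are assumptions.

```powershell
# Added example: Nagios-style wrapper around a WMI event log query.
# Parameter names and defaults are assumptions for illustration.
param(
    [Parameter(Mandatory)] [int] $EventId,                    # ID reported by the EVENTLOG check
    [string] $LogFile     = 'Security',
    [int]    $Minutes     = 15,                               # look-back window
    [string] $NamePattern = 'Object Name:\s*(?<file>\S.*)'    # assumed message layout
)

# WQL compares TimeGenerated against a DMTF datetime string (UTC, offset +000).
$since = (Get-Date).ToUniversalTime().AddMinutes(-$Minutes)
$dmtf  = $since.ToString('yyyyMMddHHmmss') + '.000000+000'

# Strip quotes from the log name so it cannot break out of the WQL literal.
$safeLog = $LogFile -replace "'", ''
$filter  = "Logfile='$safeLog' AND EventCode=$EventId AND TimeGenerated>='$dmtf'"

try {
    # The filter is evaluated by WMI, so only matching records come back.
    $events = @(Get-CimInstance -Namespace 'root\cimv2' -ClassName Win32_NTLogEvent `
                    -Filter $filter -ErrorAction Stop)
} catch {
    Write-Output "UNKNOWN - WMI query failed: $($_.Exception.Message)"
    exit 3
}

# No match is a normal result: report OK with text instead of empty output.
if ($events.Count -eq 0) {
    Write-Output "OK - no event $EventId in $safeLog during the last $Minutes minutes"
    exit 0
}

# Pull the file name out of each Message; fall back to the first message line.
$details = foreach ($e in $events) {
    if ($e.Message -match $NamePattern) { $Matches['file'].Trim() }
    elseif ($e.Message) { ($e.Message -split "`r?`n")[0] }
    else { "record $($e.RecordNumber) (no message text)" }
}

# '|' starts performance data in plugin output, so replace it in the summary.
$summary = (($details | Sort-Object -Unique | Select-Object -First 5) -join '; ') -replace '\|', '/'
Write-Output "CRITICAL - $($events.Count) event(s) $EventId in ${safeLog}: $summary"
exit 2
```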