Monitoring Windows Eventviewer

Anthony Montibello amontibello at gmail.com
Tue Jun 3 01:16:24 CEST 2008


NC_NEt also has an Event Log check, that can be checked via Check_NC_NEt
(the nc_net version of check_nt that was modified from the official plugin
check_nt). NC_net offers checking thresholds -c or -w based on the number
of results from the event log query. It also offers filters for which log,
how recent, Event Type, Source, Event ID, and Regular Expressions against the
message field.


Tony

On Mon, Jun 2, 2008 at 3:41 PM, Frater, Greg J <GJFRATER at bechtel.com> wrote:

> > Dear All,
>
> > Would anyone have experience in checking the Windows eventviewer for
> > certain events, or turning nagios red in case of ERRORs?
>
> > What script are you using? Preferably something that can simply interact
> > with NSClient
>
> We do this using the NSClient++ agent (www.nsclient.org).  It checks the
> event logs and filters them based on criteria you define, alerting when the
> number of hits you specify is reached (i.e. when the system log has 1 or
> more events with an ID of XXXX within the last 10 minutes send alerts).
> Here is an example we use to monitor for a specific Oracle error.  In the
> example we check the "application" log of the server every "60" minutes for
> events with an ID of "20" with event type of "Error" containing a string in
> the text of the message "Can not allocate log"; the check turns critical after 1
> matching event is found that is time stamped within the last "65" minutes.
>
> Checkcommands.cfg:
> define command{
>         command_name    check_eventlogs
>         command_line    $USER1$/check_nrpe -H $HOSTADDRESS$ -p 5666 -c checkEventLog -a filter=new $ARG1$ MaxWarn=$ARG2$ MaxCrit=$ARG3$ filter-generated=\$ARG4$ $ARG5$ truncate=$ARG6$
>
> # Desc:
> #       $ARG1$ = event logs to check (i.e. file=system file=application)
> #       $ARG2$ = Warning level (i.e. number of hits to generate a warning response)
> #       $ARG3$ = Critical level (i.e. number of hits to generate a critical response)
> #       $ARG4$ = Time period (i.e. 1 day is '1d' 30 hours is '>30h')
> #       $ARG5$ = Filters (i.e. filter-eventID==9009 filter-eventSource=Tcpip) see http://www.nsclient.org/nscp/wiki/CheckEventLog/CheckEventLog for detailed info
> #       $ARG6$ = Amount of data to return in characters (i.e. truncate=150)
> #       Example: check_nrpe -H server_name_here -p 5666 -c checkEventLog -a filter=new file=system MaxWarn=1 MaxCrit=1 filter-generated=\>30h filter+eventID==10002 descriptions truncate=138
>
>         }
>
> Services.cfg:
> define service{
>         use                             standard-srv
>         service_description             eventlog: Oracle archive log errors
>         check_command                   check_eventlogs!file=application!1!1!>65m!filter+eventID==20 filter+eventType==error filter+message=substr:"Can not allocate log"!100
>
>         normal_check_interval           60
>         notification_options            w,c
>         contact_groups                  apps
>         host_name                       server1, server2
>         }
>
> HTH,
>
> -greg
>
>
>
> -------------------------------------------------------------------------
> This SF.net email is sponsored by: Microsoft
> Defy all challenges. Microsoft(R) Visual Studio 2008.
> http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
> _______________________________________________
> Nagios-users mailing list
> Nagios-users at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/nagios-users
> ::: Please include Nagios version, plugin version (-v) and OS when
> reporting any issue.
> ::: Messages without supporting info will risk being sent to /dev/null
>
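
The hit-count thresholds and time window described in the quoted reply, modelled as an added Python example. This is not NSClient++ code and not part of the original messages; the event dictionaries, field names and function names are constructed for illustration. It also shows the effect of checking a 65-minute window on a 60-minute interval: a run that fires slightly late still sees an event logged just after the previous run.

```python
from datetime import datetime, timedelta

OK, WARNING, CRITICAL = 0, 1, 2  # standard Nagios plugin return codes

def count_hits(events, now, window, event_id, event_type, substr):
    """Count events generated inside the window that match every filter."""
    cutoff = now - window
    return sum(
        1 for e in events
        if cutoff <= e["generated"] <= now
        and e["id"] == event_id
        and e["type"].lower() == event_type.lower()
        and substr in e["message"]
    )

def evaluate(hits, max_warn, max_crit):
    """A threshold is reached when the hit count is >= its value."""
    if hits >= max_crit:
        return CRITICAL
    if hits >= max_warn:
        return WARNING
    return OK

def check(events, now, window_minutes=65, max_warn=1, max_crit=1):
    """The Oracle check from the post: ID 20, type Error, message substring."""
    hits = count_hits(events, now, timedelta(minutes=window_minutes),
                      20, "error", "Can not allocate log")
    return evaluate(hits, max_warn, max_crit), hits

# Constructed sample events (not real log data).
DAY = datetime(2008, 6, 2)
SAMPLE_EVENTS = [
    {"generated": DAY.replace(hour=12, minute=1), "id": 20, "type": "Error",
     "message": "Can not allocate log, archival required"},
    {"generated": DAY.replace(hour=12, minute=30), "id": 20, "type": "Warning",
     "message": "Can not allocate log, archival required"},
    {"generated": DAY.replace(hour=12, minute=40), "id": 1000, "type": "Error",
     "message": "Unrelated application failure"},
]

if __name__ == "__main__":
    # Previous run was at 12:00; this run is two minutes late, at 13:02.
    late_run = DAY.replace(hour=13, minute=2)
    for minutes in (60, 65):
        state, hits = check(SAMPLE_EVENTS, late_run, window_minutes=minutes)
        print(f"window={minutes}m hits={hits} state={state}")
```

With a window equal to the check interval, the 12:01 error falls between the two runs and is never counted; the overlap can instead count an event twice, which matters only if the thresholds are above 1.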