Monitoring Windows Eventviewer

Frater, Greg J GJFRATER at bechtel.com
Tue Jun 3 16:14:46 CEST 2008


 

 > Thanks for the info,

 

 > Great that it can be done with the NSClient++ as I have it installed on all our servers.

 

 > What do I need to define in the NSClient++ agent and where ?

 > Is it in the .ini file or elsewhere ? 

 

The only thing you need to do on the Windows server is enable the
CheckEventLog.dll by removing the semicolon from that line in the
nsc.ini file.

 

Regards, 

 

-greg   

 

 

From: Frater, Greg J [mailto:GJFRATER at bechtel.com] 
Sent: Monday 2 June 2008 21:41
To: Tim Van Caeyzeele
Cc: nagios-users at lists.sourceforge.net
Subject: Re: [Nagios-users] Monitoring Windows Eventviewer

 

>Dear All, 

>Would anyone have experience in checking the windows eventviewer for certain events, or turning nagios red in case of ERRORs ?

>What script are you using ? preferably something that can simply interact with NSClient

We do this using the NSClient++ agent (www.nsclient.org).  It checks the event logs and filters
them based on criteria you define, alerting when the number of hits you
specify is reached (i.e. when the system log has 1 or more events with
an ID of XXXX within the last 10 minutes send alerts).  Here is an
example we use to monitor for a specific Oracle error.  In the example
we check the "application" log of the server every "60" minutes for
events with an ID of "20" with event type of "Error" containing a string
in the text of the message "Can not allocate log", check turns critical
after 1 matching event is found that is time stamped within the last
"65" minutes.

 

Checkcommands.cfg:
define command{
        command_name    check_eventlogs
        command_line    $USER1$/check_nrpe -H $HOSTADDRESS$ -p 5666 -c checkEventLog -a filter=new $ARG1$ MaxWarn=$ARG2$ MaxCrit=$ARG3$ filter-generated=\$ARG4$ $ARG5$ truncate=$ARG6$
# Desc:
#       $ARG1$ = event logs to check (i.e. file=system file=application)
#       $ARG2$ = Warning level (i.e. number of hits to generate a warning response)
#       $ARG3$ = Critical level (i.e. number of hits to generate a critical response)
#       $ARG4$ = Time period (i.e. 1 day is '1d' 30 hours is '>30h')
#       $ARG5$ = Filters (i.e. filter-eventID==9009 filter-eventSource=Tcpip) see http://www.nsclient.org/nscp/wiki/CheckEventLog/CheckEventLog for detailed info
#       $ARG6$ = Amount of data to return in characters (i.e. truncate=150)
#       Example: check_nrpe -H server_name_here -p 5666 -c checkEventLog -a filter=new file=system MaxWarn=1 MaxCrit=1 filter-generated=\>30h filter+eventID==10002 descriptions truncate=138
        }

Services.cfg:
define service{
        use                             standard-srv
        service_description             eventlog: Oracle archive log errors
        check_command                   check_eventlogs!file=application!1!1!>65m!filter+eventID==20 filter+eventType==error filter+message=substr:"Can not allocate log"!100
        normal_check_interval           60
        notification_options            w,c
        contact_groups                  apps
        host_name                       server1, server2
        }

HTH, 

-greg 
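
The macro expansion behind the two definitions above, as an added example that is not part of the original message: it fills the service's "!"-separated arguments into the command template, checks whether any shell operator is left unescaped (the reason the template carries a backslash before $ARG4$), and lists the arguments the agent would receive. The $USER1$ path and host address are constructed values, and handing the expanded line to a POSIX shell is an assumption about how Nagios runs the plugin.

```python
import shlex

# Template and service arguments copied from the message (wrapped lines rejoined).
COMMAND_LINE = (
    "$USER1$/check_nrpe -H $HOSTADDRESS$ -p 5666 -c checkEventLog "
    "-a filter=new $ARG1$ MaxWarn=$ARG2$ MaxCrit=$ARG3$ "
    "filter-generated=\\$ARG4$ $ARG5$ truncate=$ARG6$"
)
CHECK_COMMAND = (
    "check_eventlogs!file=application!1!1!>65m!filter+eventID==20 "
    'filter+eventType==error filter+message=substr:"Can not allocate log"!100'
)
# Constructed values; real ones come from resource.cfg and the host definition.
MACROS = {"USER1": "/usr/local/nagios/libexec", "HOSTADDRESS": "192.0.2.10"}


def expand(check_command, template, macros):
    """Split on '!' and fill in $ARGn$ plus the other macros (escaped '!' not handled)."""
    args = check_command.split("!")[1:]
    values = {**macros, **{f"ARG{i}": a for i, a in enumerate(args, 1)}}
    for key, val in values.items():
        template = template.replace(f"${key}$", val)
    return template


def unquoted_operators(line):
    """Return shell operators that are neither backslash-escaped nor quoted."""
    found, quote, escaped = [], None, False
    for c in line:
        if escaped:
            escaped = False  # this character was protected by a backslash
        elif c == "\\" and quote != "'":
            escaped = True
        elif quote:
            quote = None if c == quote else quote
        elif c in "\"'":
            quote = c
        elif c in "><|&;":
            found.append(c)
    return found


def agent_args(line):
    """Arguments after -a, tokenised as a POSIX shell would pass them on."""
    argv = shlex.split(line)
    return argv[argv.index("-a") + 1:]


if __name__ == "__main__":
    print(*agent_args(expand(CHECK_COMMAND, COMMAND_LINE, MACROS)), sep="\n")
```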

 
