using Linux for a specific Windows Event

Rene Fertig me at renux.de
Tue Jun 24 16:52:15 CEST 2008


Hello Michael.

Michael Dalton wrote:
> I am using Fedora 6 with nagios 2.9 monitoring multiple windows 2003
> servers. I have looked on the message boards for a solution and have not
> come up with one.
>
> What I would like to do is monitor a specific windows event.....event
> id=55....(a disc failure or beginning to fail).
>
> Has anyone else done this?

I've just done this. There are several ways. You can use NC_Net 
(http://shatterit.com/nc_net/) which has the ability to monitor the eventlog. 
But I haven't tested it.

I'm using Logparser 2.2 
(http://www.microsoft.com/downloads/details.aspx?FamilyID=890cd06b-abf8-4c25-91b2-f8d975cf8c07&displaylang=en) 
which parses the eventlog for some IDs, e.g.:

logparser "SELECT * FROM System where EventID IN(500;501;503;509;510)" -i:EVT 
-o:csv > "c:\Programme\Log Parser 2.2\output.csv"

One can use FIND to look if one of the IDs was found. I do this with the 
following batch/cmd file which is called itself by NRPE_NT (see 
Nagios-Exchange):

@ECHO OFF
"C:\Programme\Log Parser 2.2\logparser" "SELECT * FROM System where EventID 
IN(500;501;503;509;510)" -i:EVT -o:csv > d:\Logparser\output.csv
FIND "Elements output:    0" "C:\Programme\Log Parser 2.2\output.csv" > NUL
IF %ERRORLEVEL% GTR 0 (
  REM FIND "System," "C:\Programme\Log Parser 2.2\output.csv"
  echo Fehlermeldung im System-Eventlog gefunden
  exit 1
)
echo OK
exit 0

Probably using NC_Net is much smarter but I did it this way, since we already 
use NRPE_NT on this server.

Greetings, Rene

--
Tipps & Tricks für Linux, MySQL & Webdesign
  -> http://home.telebel.de/~referti/blog/

-------------------------------------------------------------------------
Check out the new SourceForge.net Marketplace.
It's the best place to buy or sell services for
just about anything Open Source.
http://sourceforge.net/services/buy/index.php
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
::: Messages without supporting info will risk being sent to /dev/null


More information about the Users mailing list