Multiple alerts from one script (Windows Eventlog monitoring)

M. del Castilho maikel.delcastilho at googlemail.com
Fri May 8 06:32:16 CEST 2009


Hello everyone. I started testing Nagios last February, and am very much
pleased with the functionality.

I currently have a pilot Nagios implementation, monitoring about 100 Windows
2003 servers. I have one WinXP client, installed with a NSClient++ agent.
All checks are executed remotely from the WinXP workstation, which acts as a
proxy. My servers are agentless. 

Now I have created a vbs script to collect entries from the Windows
eventlog, alerting on filtered errors, warnings, event source, event ID, etc.
For each defined filter I create one Service in Nagios (eg. I have one
service checking for Antivirus events, another service checking for
Printserver events, one service checking for DNS events, etc.)

Each run of the script could report on multiple events. At the moment the
script creates one single alert, showing multiple events. 

However, I would like to 

A. have one alert generated for each unique event (in order to use the
notification mechanism). If possible I would like to implement an
event-database, where I would be able to handle each unique alert. Something
similar to MOM, where a count of each unique event is displayed, and as long
as the event is not yet closed no new notifications are being sent out.
B. In the end, I would like to implement some module, that will create
a ticket in our Ultimo helpdesk system, for each new alert generated.

Is this feasible with a combination of NSCA and Nagios Eventdb? I have not
been able to get the Eventdb running properly yet, so at the moment I am
unable to assess the value of this tool. Also with NSCA I have just started
playing. However, after some time I started getting NTVDM errors, which
would only resolve with a reboot of my proxy. The built-in NSCA
functionality in the NSClient++ will only allow me (or so it seems) to run
one instance of every defined script at a regular interval.

Has anyone implemented something similar yet, and how did you get everything
up and running?

 

Thanks in advance for feedback,

Mike
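
The de-duplication asked for in point A, sketched as an added example that is not part of the original post and is not code from Nagios, NSClient++ or Eventdb. It assumes events are already collected as records, that a passive service named `EVT_<source>_<id>` (a hypothetical naming scheme) exists per unique event, and it emits the tab-separated host, service, return code, plugin output lines that `send_nsca` reads.

```python
# Added example: one passive check result per unique Windows event.
# Event, process, close and the EVT_ service naming are hypothetical.
from collections import namedtuple

Event = namedtuple("Event", "host source event_id severity message")

# Nagios return codes for the event types the script filters on.
SEVERITY_TO_STATE = {"Error": 2, "Warning": 1}

def event_key(ev):
    """A unique event is identified by host, event source and event ID."""
    return (ev.host, ev.source, ev.event_id)

def clean(text):
    """Event text is untrusted: tabs/newlines would break the send_nsca
    record, and '|' starts performance data in plugin output."""
    return " ".join(text.replace("|", "/").split())

def process(events, state):
    """Update counts in `state`; return send_nsca lines for new events only."""
    lines = []
    for ev in events:
        key = event_key(ev)
        entry = state.get(key)
        if entry and entry["open"]:
            entry["count"] += 1      # already open: count it, do not re-alert
            continue
        state[key] = {"count": 1, "open": True}
        service = "EVT_%s_%d" % (clean(ev.source).replace(" ", "_"), ev.event_id)
        code = SEVERITY_TO_STATE.get(ev.severity, 3)   # 3 = UNKNOWN
        lines.append("\t".join([clean(ev.host), service, str(code),
                                clean(ev.message)]))
    return lines

def close(state, key):
    """Mark an event as handled so its next occurrence alerts again."""
    if key in state:
        state[key]["open"] = False

# Constructed sample input (not real log data).
SAMPLE = [
    Event("srv01", "DNS", 4015, "Error", "DNS server error\tsee log"),
    Event("srv01", "DNS", 4015, "Error", "DNS server error\tsee log"),
    Event("srv02", "Print", 6161, "Warning", "Document failed | to print"),
]
```

In a real setup `state` would be persisted between runs (a file or database table), which is the role the event database plays in the post.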

 
