effective use of NSClient++ Eventlog management

Kevin Keane subscription at kkeane.com
Sat Jul 24 21:29:54 CEST 2010


I wrote my own event log management plugin because I didn't find one that I liked. You can download it as part of the Sourceforge tntnagiosplugins project. It should work with NSClient++ (although admittedly I am not testing against that).

It reports critical and warning events on the specified host (it will exclude a number of events that are known to be harmless, for instance DCOM 10009 and about a dozen or so other ones).

The "top ten events" seems like interesting functionality, but doesn't really fit very well into the Nagios philosophy. Nagios can ultimately only distinguish between OK, WARNING, CRITICAL. There are better tools for statistical analysis.

The collection of plugins also contains a separate plugin that reports on login errors.

From: Ron Wilson [mailto:ron at tvnz.co.nz]
Sent: Wednesday, July 21, 2010 3:52 PM
To: Nagios Users List
Subject: Re: [Nagios-users] effective use of NSClient++ Eventlog management

I have tried several times over the past year but never managed to get the check_eventlog working. If you have any success do tell us about it

From: keshav murthy [mailto:nkeshav12 at gmail.com]
Sent: Wednesday, 21 July 2010 10:07 p.m.
To: nagios-users at lists.sourceforge.net
Subject: [Nagios-users] effective use of NSClient++ Eventlog management

Dear all,

We are moving from pnsclient to NSclient++ for all our windows client. We would like to use the Event log management available with NSClient++.

We would like to do the following (if it is feasible)

Top Ten events in all the clients overall.
Critical Event IDs on any server: We are looking for only the critical event ID's (like a AD account lockout event ID etc) to be captured and reported to the nagios server.

Have anybody started using this eventlog management effectively and what are your way of putting it in place.

Cheers
Keshav

==========================================================

For more information on the Television New Zealand Group, visit us

online at tvnz.co.nz

==========================================================

CAUTION:  This e-mail and any attachment(s) contain information that

is intended to be read only by the named recipient(s).  This information

is not to be used or stored by any other person and/or organisation.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.monitoring-lists.org/archive/users/attachments/20100724/2162ad27/attachment.html>
-------------- next part --------------
------------------------------------------------------------------------------
This SF.net email is sponsored by Sprint
What will you do first with EVO, the first 4G phone?
Visit sprint.com/first -- http://p.sf.net/sfu/sprint-com-first
-------------- next part --------------
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
::: Messages without supporting info will risk being sent to /dev/null


More information about the Users mailing list