Does anyone have event log monitors that *work*?

Peter Edmonds termx23 at gmail.com
Sun Mar 21 12:09:19 CET 2010


>   I need to monitor Windows event logs.  You'd think this would
> be easy, but either the tools available out there don't work (which
> I doubt, I KNOW you monitor event logs), or I'm man enough to admit
> that I'm a hopeless idiot.

In my experience, managing Windows Event Logs is a huge pain. The one
thing that I found simplified it was Microsoft Log Parser

http://www.microsoft.com/downloads/details.aspx?FamilyID=890cd06b-abf8-4c25-91b2-f8d975cf8c07&displaylang=en

http://www.microsoft.com/technet/community/columns/profwin/pw0505.mspx

http://www.microsoft.com/technet/community/columns/scripts/sg0105.mspx

From the Microsoft blurb: "Log parser is a powerful, versatile tool
that provides universal query access to text-based data such as log
files, XML files and CSV files, as well as key data sources on the
Windows(r) operating system such as the Event Log, the Registry, the
file system, and Active Directory(r). You tell Log Parser what
information you need and how you want it processed. The results of
your query can be custom-formatted in text based output, or they can
be persisted to more specialty targets like SQL, SYSLOG, or a chart."

I'm not sure if you can tail logs into Log Parser, but on Windows I
have found it useful for dumping application logfiles to a central
syslog server periodically. Log Parser uses checkpoints to keep track
of where it is up to in an application logfile, so you can schedule
Log Parser to run every minute and dump everything since the last
checkpoint.

You could have Microsoft Log Parser dump the Windows Event Log from
every machine into a central syslog server or MS SQL Server, then
query either of those.

For querying MS SQL Server from Nagios, I have had good results with this

http://article.gmane.org/gmane.network.nagios.user/49183

Either using bsqldb and freetds or a Perl script

http://library.pantek.com/Mailing%20Lists/lists.sourceforge.net/nagios-users/att-1600/check_mssql.pl

Peter Edmonds
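
The scheduled checkpoint run described in the message above, sketched as an added example (not part of the original post and not the poster's own script). It applies the checkpoint idea to the Windows Event Log through Log Parser 2.2's EVT input and SYSLOG output; the install path, checkpoint directory, syslog host name and column selection are assumptions.

```powershell
# Added example: forward only NEW event log records to a central syslog host.
# One checkpoint file per log lets each scheduled run resume where the last
# one stopped. On the first run the checkpoint does not exist yet, so the
# whole log is sent once and the checkpoint file is created.

# Assumed values, adjust for your environment:
$LogParser     = 'C:\Program Files (x86)\Log Parser 2.2\LogParser.exe'
$CheckpointDir = 'C:\ProgramData\lp-checkpoints'
$SyslogTarget  = '@syslog.example.internal:514'   # placeholder host:port
$Logs          = 'System', 'Application', 'Security'

if (-not (Test-Path $LogParser)) {
    Write-Error "Log Parser not found at $LogParser"
    exit 3
}
New-Item -ItemType Directory -Force -Path $CheckpointDir | Out-Null

$failed = @()
foreach ($log in $Logs) {
    $checkpoint = Join-Path $CheckpointDir "$log.lpc"

    # EVT input fields; the SYSLOG output sends them as the message text.
    $query = "SELECT TimeGenerated, EventLog, SourceName, EventID, " +
             "EventTypeName, Message INTO $SyslogTarget FROM $log"

    # -iCheckpoint stores the last record read; -q:ON suppresses statistics.
    & $LogParser $query '-i:EVT' '-o:SYSLOG' "-iCheckpoint:$checkpoint" '-q:ON'

    # Treat any nonzero exit code as a failed run for this log, so a broken
    # forwarder is noticed instead of silently leaving a gap in the logs.
    if ($LASTEXITCODE -ne 0) { $failed += $log }
}

if ($failed.Count -gt 0) {
    Write-Error ("Forwarding failed for: " + ($failed -join ', '))
    exit 2
}
exit 0
```

Reading the Security log requires an account with administrative rights, and the checkpoint directory should be writable only by that account, since a modified or deleted checkpoint changes which records get forwarded.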

_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
::: Messages without supporting info will risk being sent to /dev/null




