<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<html xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns="http://www.w3.org/TR/REC-html40">

<head>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=us-ascii">


<title>How can Nagios interact with NT Event Logs?</title>
<style>
<!--
 /* Font Definitions */
 @font-face
        {font-family:Tahoma;
        panose-1:2 11 6 4 3 5 4 4 2 4;
        mso-font-charset:0;
        mso-generic-font-family:swiss;
        mso-font-pitch:variable;
        mso-font-signature:1627421319 -2147483648 8 0 66047 0;}
 /* Style Definitions */
 p.MsoNormal, li.MsoNormal, div.MsoNormal
        {mso-style-parent:"";
        margin:0cm;
        margin-bottom:.0001pt;
        mso-pagination:widow-orphan;
        font-size:12.0pt;
        font-family:"Times New Roman";
        mso-fareast-font-family:"Times New Roman";}
a:link, span.MsoHyperlink
        {color:blue;
        text-decoration:underline;
        text-underline:single;}
a:visited, span.MsoHyperlinkFollowed
        {color:purple;
        text-decoration:underline;
        text-underline:single;}
p
        {mso-margin-top-alt:auto;
        margin-right:0cm;
        mso-margin-bottom-alt:auto;
        margin-left:0cm;
        mso-pagination:widow-orphan;
        font-size:12.0pt;
        font-family:"Times New Roman";
        mso-fareast-font-family:"Times New Roman";}
span.EmailStyle18
        {mso-style-type:personal-reply;
        mso-style-noshow:yes;
        mso-ansi-font-size:10.0pt;
        mso-bidi-font-size:10.0pt;
        font-family:Arial;
        mso-ascii-font-family:Arial;
        mso-hansi-font-family:Arial;
        mso-bidi-font-family:Arial;
        color:navy;}
span.SpellE
        {mso-style-name:"";
        mso-spl-e:yes;}
span.GramE
        {mso-style-name:"";
        mso-gram-e:yes;}
@page Section1
        {size:595.3pt 841.9pt;
        margin:72.0pt 90.0pt 72.0pt 90.0pt;
        mso-header-margin:35.4pt;
        mso-footer-margin:35.4pt;
        mso-paper-source:0;}
div.Section1
        {page:Section1;}
-->
</style>
</head>

<body lang=EN-GB link=blue vlink=purple style='tab-interval:36.0pt'>

<div class=Section1>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'><!-- Converted from text/rtf format -->Hello,<o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'><span
style='mso-spacerun:yes'> </span>This was asked a while ago, so there should be
something in the archives of help.<o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>I replied then, but I monitor Windows
Event Logs a different way now (thanks mainly to
suggestions from this list), so I'll reply again.<o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>The way I do it is to use a product called
Snare (<a href="http://sourceforge.net/projects/snare/">http://sourceforge.net/projects/snare/</a>)
on the servers to send event logs in real time to a <span class=SpellE>syslog</span>
server, also my <span class=SpellE>nagios</span> box.<o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>I then use <span class=SpellE>syslog-ng</span>
to filter the logs into folders like /<span class=SpellE>var/log/remote-host/fileserver/Events.log</span>,
and have simple <span class=SpellE>perl</span> scripts to parse them for particular
errors/reports.<o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>I have one script that basically returns a
warning if there are errors in the system log in the past 24 hours, and
others to look for specific events, like <span class=SpellE>arcserve</span> backup
failure etc.<o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>There's a <span class=SpellE>plugin</span>
called check_log.pl or something similar that may be of use that comes with <span
class=SpellE>nagios</span>.<o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>Hope that's of help!<o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>Dave.<o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>

<p class=MsoNormal style='margin-left:36.0pt'><font size=2 face=Tahoma><span
lang=EN-US style='font-size:10.0pt;font-family:Tahoma;mso-ansi-language:EN-US'>-----Original
Message-----<br>
<b><span style='font-weight:bold'>From:</span></b>
nagios-users-admin@lists.sourceforge.net
[mailto:nagios-users-admin@lists.sourceforge.net] <b><span style='font-weight:
bold'>On Behalf Of </span></b>Josh Van As<br>
<b><span style='font-weight:bold'>Sent:</span></b> 02 October 2003 12:18<br>
<b><span style='font-weight:bold'>To:</span></b> nagios-users@lists.sourceforge.net<br>
<b><span style='font-weight:bold'>Subject:</span></b> [Nagios-users] How can
Nagios interact with NT Event Logs?</span></font></p>

<p class=MsoNormal style='margin-left:36.0pt'><font size=3
face="Times New Roman"><span style='font-size:12.0pt'><o:p> </o:p></span></font></p>

<p style='margin-left:36.0pt'><font size=2 face=Arial><span lang=EN-US
style='font-size:10.0pt;font-family:Arial;mso-ansi-language:EN-US'>How can
Nagios interact with NT Event Logs?</span></font><o:p></o:p></p>

<p style='margin-left:36.0pt'><font size=2 face=Arial><span lang=EN-US
style='font-size:10.0pt;font-family:Arial;mso-ansi-language:EN-US'>I want to be
able to selectively look for events on my Windows Servers and</span></font><span
lang=EN-US style='mso-ansi-language:EN-US'> </span><font size=2 face=Arial><span
lang=EN-US style='font-size:10.0pt;font-family:Arial;mso-ansi-language:EN-US'>create
notification events if they</span></font><span lang=EN-US style='mso-ansi-language:
EN-US'> </span><font size=2 face=Arial><span lang=EN-US style='font-size:10.0pt;
font-family:Arial;mso-ansi-language:EN-US'>occur. </span></font><span
lang=EN-US style='mso-ansi-language:EN-US'> </span><font size=2 face=Arial><span
lang=EN-US style='font-size:10.0pt;font-family:Arial;mso-ansi-language:EN-US'>I
am pretty new to Nagios, so if anyone could give me a few ideas / suggestions
on how I could go about this, I would appreciate it.</span></font><o:p></o:p></p>

<p style='margin-left:36.0pt'><font size=2 face=Arial><span lang=EN-US
style='font-size:10.0pt;font-family:Arial;mso-ansi-language:EN-US'>Thanks,</span></font><o:p></o:p></p>

<p style='margin-left:36.0pt'><font size=2 face=Arial><span lang=EN-US
style='font-size:10.0pt;font-family:Arial;mso-ansi-language:EN-US'>Josh</span></font><o:p></o:p></p>
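
<p class=MsoNormal>An added example, not part of the original e-mail and not the poster's own scripts: a Nagios-style check for the "errors in the system log in the past 24 hours" case described in the reply above, written in Python although the poster used Perl. The line layout, the sample lines and every function name are assumptions made for the example; adjust the parser to what your Snare agent and syslog-ng template actually write.</p>

```python
import sys
from datetime import datetime, timedelta

OK, WARNING, UNKNOWN = 0, 1, 3  # standard Nagios plugin exit codes

# Constructed sample. Assumed layout (not a documented Snare format): ISO timestamp,
# host, then tab-separated tag, log name, event ID, event type, source, message.
SAMPLE = [
    "2003-10-02T11:58:03 fileserver MSWinEventLog\tSystem\t7031\tError\tService Control Manager\tService stopped",
    "2003-10-02T09:14:40 fileserver MSWinEventLog\tApplication\t1000\tError\tBackupJob\tBackup failed",
    "2003-10-02T08:00:00 fileserver MSWinEventLog\tSystem\t6005\tInformation\tEventLog\tLog service started",
    "2003-09-30T23:10:11 fileserver MSWinEventLog\tSystem\t7000\tError\tDisk|x\tOlder than the window",
    "line that does not match the layout",
]

def parse_line(line):
    """Return a dict for one event line, or None if it does not fit the assumed layout."""
    fields = line.rstrip("\r\n").split("\t", 5)
    prefix = fields[0].split(" ")
    if len(fields) != 6 or len(prefix) != 3:
        return None
    try:
        when = datetime.strptime(prefix[0], "%Y-%m-%dT%H:%M:%S")
    except ValueError:
        return None
    return {"time": when, "log": fields[1], "id": fields[2], "type": fields[3], "source": fields[4]}

def clean(text):
    """Remote hosts control this text: drop control characters and the perfdata separator."""
    return "".join(c for c in text if c.isprintable() and c != "|")

def check(lines, now, log_name="System", hours=24):
    """Return (exit_code, status_line) the way a Nagios plugin reports."""
    cutoff = now - timedelta(hours=hours)
    parsed = [e for e in map(parse_line, lines) if e is not None]
    if not parsed:
        # An empty or reformatted file must not look healthy.
        return UNKNOWN, "UNKNOWN - no parsable events in input"
    hits = [e for e in parsed
            if e["log"] == log_name and e["type"] == "Error" and e["time"] >= cutoff]
    if not hits:
        return OK, "OK - no errors in %s log in last %dh | errors=0" % (log_name, hours)
    latest = max(hits, key=lambda e: e["time"])
    return WARNING, "WARNING - %d error(s) in %s log in last %dh, latest: event %s from %s | errors=%d" % (
        len(hits), log_name, hours, clean(latest["id"]), clean(latest["source"]), len(hits))

if __name__ == "__main__":
    # With a file argument check that file against the clock; otherwise run the sample.
    live = len(sys.argv) > 1
    lines = open(sys.argv[1], errors="replace") if live else SAMPLE
    code, status = check(lines, datetime.now() if live else datetime(2003, 10, 2, 12, 18))
    print(status)
    sys.exit(code)
```

<p class=MsoNormal>Event text arrives from the monitored hosts and ends up in the Nagios status line, so the example strips control characters and the "|" perfdata separator before printing it, and reports UNKNOWN rather than OK when nothing in the file can be parsed.</p>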

</div>

</body>

</html>