<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN"> <HTML> <HEAD> <META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1"> <META NAME="Generator" CONTENT="MS Exchange Server version 5.5.2658.2"> <TITLE>RE: [Nagios-users] RE: AW: Monitoring Windows Event Log from Nagios</TITLE> </HEAD> <BODY> You can also monitor the Windows Event Logs by utilizing the built-in utility "evntwin" to select the event IDs you want to alert on, export it to a txt file (command in the utility "evntwin"), then modify the text file and add the following line to that file "#pragma ADD_TRAP_DEST CommunityName HostID", wherer "CommunityName" is the community name that you snmp management device is looking for and where "HostID" is where to send the SNMP trap. This will make it so when ever this event id appears in the event log, a SNMP trap will be sent immediately to a SNMP management device in real time. I then have net-snmp (snmpd, snmptrapd), snmptt (utilty to interperet the trap) and nsca / send-nsca (To send the output to Nagios). SNMPTRAPD intercepts the trap, in which you have a traphandler that points this to snmptthandler in the snmptrapd.conf file. (Looks like this: traphandle default /usr/sbin/snmptthandler) SNMPTTHANDLER then checks it's config file for the matching OID or Trap (snmptt.conf) Example of an entry in the snmptt.conf file: EVENT landeskShutdown .1.3.6.1.4.1.311.1.13.1.20.82.101.109.111.116.101.32.67.111.110.116.114.111.108.32.65.103.101.110.116.0.5 "Status Events" CRITICAL FORMAT Landesk Login Alert: $1 $2 $3 $4 $5 EXEC /usr/local/nagios/libexec/eventhandlers/submit_check_result $r Event_Logs 1 "Landesk Login Alert: $1" SDESC Established connection to storage system --NMS trap annotation Variables: EDESC NOTE: the long number is the oid, which can be obtained from the evntcmd utility when you choose the event id to add. Look at the oid, add a .0 and then add a .x where x equals the "Trap specific ID" ********************************************** Example: Enterprise OID: 1.3.6.1.4.1.311.1.13.1.20.82.101.109.111.116.101.32.67.111.110.116.114.111.108.32.65.103.101.110.116 Trap specific ID: 5 OID to look for in snmptt.conf: .1.3.6.1.4.1.311.1.13.1.20.82.101.109.111.116.101.32.67.111.110.116.114.111.108.32.65.103.101.110.116.0.5 *********************************************** The snmptthandler interperets it and based off the EXEC command, it sends the output to an "eventhandler" file. I have an eventhandler file that looks like this named "submit_check_result": # Arguments # $1 = name of host in service definition # $2 = name/description of service in service definition # $3 = return code # $4 = output /bin/echo -e "$1\t$2\t$3\t$4\n" | /usr/local/nagios/bin/send_nsca -H 127.0.0.1 -c /usr/local/nagios/etc/send_nsca.cfg You have to have the following Daemons run with these options: SNMPD: -s -l /dev/null -P /var/run/snmpd -a SNMPTRAPD: -u /var/run/snmptrapd.pid -o /var/log/snmptrapd.log -Dsnmptrapd -On References: SNMPD: net-snmp.org SNMPTT: snmptt.org EVNTCMD: <A HREF="http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/evntcmd.mspx" TARGET="_blank">http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/evntcmd.mspx</A> NSCA / SEND-NSCA: nagios.org This is a longer way to go about it, but it works in real-time and works pretty slick. -Shane -----Original Message----- From: nagios-users-admin@lists.sourceforge.net [<A HREF="mailto:nagios-users-admin@lists.sourceforge.net">mailto:nagios-users-admin@lists.sourceforge.net</A>]On Behalf Of Greg King Sent: Sunday, August 22, 2004 12:55 AM To: nagios-users@lists.sourceforge.net Subject: [Nagios-users] RE: AW: Monitoring Windows Event Log from Nagios Hi list, Environment: RH9, Nagios 1.2 from DAG RPMs. I have installed the windows event monitor of Naplax and it works fine from the command line as either the Nagios user or root, but when I try it as a Nagios service, I get service critical with "no output!". I have added the "-w" option to the perl command line and cleaned up some minor warning messages, but it still refuses to work inside Nagios, but runs fine on the command line. I suspect this is the embedded perl working differently from "normal" perl. Is there a way to "turn off" embedded perl without recompiling Nagios? How would one go about debugging the embedded perl? Regards, Greg King ----------------------- From: Schaffranneck, Sven (K-DOI-5/4) <sven@vo...> AW: Monitoring Windows Event Log from Nagios 2004-05-11 23:27 Hi Steve, > Does anyone out there have a method to monitor the Windows > Event log using > Nagios? have a look at <A HREF="http://naplax.sourceforge.net/check_win_eventlog.html" TARGET="_blank">http://naplax.sourceforge.net/check_win_eventlog.html</A> for NAPLAX and it"s Windows Eventlog Addon. Poorly it doesn"t support the embedded Perl Nagios and the author doesn"t know how to change the perl-script to work with ePN. Maybe anyone else want this!? :-) Greets Sven ------------------------------------------------------- SF.Net email is sponsored by Shop4tech.com-Lowest price on Blank Media 100pk Sonic DVD-R 4x for only $29 -100pk Sonic DVD+R for only $33 Save 50% off Retail on Ink & Toner - Free Shipping and Free Gift. <A HREF="http://www.shop4tech.com/z/Inkjet_Cartridges/9_108_r285" TARGET="_blank">http://www.shop4tech.com/z/Inkjet_Cartridges/9_108_r285</A> _______________________________________________ Nagios-users mailing list Nagios-users@lists.sourceforge.net <A HREF="https://lists.sourceforge.net/lists/listinfo/nagios-users" TARGET="_blank">https://lists.sourceforge.net/lists/listinfo/nagios-users</A> ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. ::: Messages without supporting info will risk being sent to /dev/null </BODY> </HTML>