<div>NC_NEt also has Event Log check, that can be checked via Check_NC_NEt (nc_net version of check_nt that was modified from the official plugin check_nt) NC_net offers checking threadhold -c or -w based on the number of results from the event log query. It also offers filers for which log, How resent, Event Type, Source, Event ID, and Regular Expessions against the message field.</div> <div> </div> <div> </div> <div>TOny </div> <div class="gmail_quote">On Mon, Jun 2, 2008 at 3:41 PM, Frater, Greg J <<a href="mailto:GJFRATER@bechtel.com">GJFRATER@bechtel.com</a>> wrote: <blockquote class="gmail_quote" style="PADDING-LEFT: 1ex; MARGIN: 0px 0px 0px 0.8ex; BORDER-LEFT: #ccc 1px solid"> <div> <div class="Ih2E3d"> >Dear All, >Would anyone have experience in checking the windows eventviewer for certain events, or turning nagios red in case of ERRORs ? >What script are you using ? preferably something that can simply interact with NSClient </div> We do this using the NSClient++ agent (<a>www.nsclient.org</a>). It checks the event logs and filters them based on criteria you define, alerting when the number of hits you specify is reached (i.e. when the system log has 1 or more events with an ID of XXXX within the last 10 minutes send alerts). Here is an example we use to monitor for a specific Oracle error. In the example we check the "application" log of the server every "60" minutes for events with an ID of "20" with event type of "Error" containing a string in the text of the message "Can not allocate log", check turns criti cal after 1 matching event is found that is time stamped within the last "65" minutes. Checkcommands.cfg: define command{ command_name check_eventlogs command_line $USER1$/check_nrpe -H $HOSTADDRESS$ -p 5666 -c checkEventLog -a filter=new $ARG1$ MaxWarn=$ARG2$ MaxCrit=$ARG3$ filter-generated=\$ARG4$ $ARG5$ truncate=$ARG6$ # Desc: # $ARG1$ = event logs to check (i.e. file=system file=application) # $ARG2$ = Warning level (i.e. number of hits to generate a warning response) # $ARG3$ = Critical level (i.e. number of hits to generate a critcal response) # $ARG4$ = Time period (i.e. 1 day is '1d' 30 hours is '>30h') # $ARG5$ = Filters (i.e. filter-eventID==9009 filter-eventSource=Tcpip) see <a href="http://www.nsclient.org/nscp/wiki/CheckEventLog/CheckEventLog" target="_blank">http://www.nsclient.org/nscp/wiki/CheckEventLog/CheckEventLog</a> for detailed info # $ARG6$ = Amount of data to return in characters (i.e. truncate=150) # Example: check_nrpe -H server_name_here -p 5666 -c checkEventLog -a filter=new file=system MaxWarn=1 MaxCrit=1 filter-generated=\>30h filter+eventID==10002 descriptions truncate=138 } Services.cfg: define service{ use standard-srv service_description eventlog: Oracle archive log errors check_command check_eventlogs!file=application!1!1!>65m!filter+eventID==20 filter+eventType==error filter+message=substr:"Can not allocate log"!100 normal_check_interval 60 notification_options w,c contact_groups apps host_name server1, server2 } HTH, -greg </div> ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2008. <a href="http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/" target="_blank">http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/</a> _______________________________________________ Nagios-users mailing list <a href="mailto:Nagios-users@lists.sourceforge.net">Nagios-users@lists.sourceforge.net</a> <a href="https://lists.sourceforge.net/lists/listinfo/nagios-users" target="_blank">https://lists.sourceforge.net/lists/listinfo/nagios-users</a> ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. ::: Messages without supporting info will risk being sent to /dev/null </blockquote></div>