<html> <head> <style></style> </head> <body class='hmmessage'> I use: <A href="http://www.monitoringexchange.org/inventory/Check-Plugins/Operating-Systems/Windows/NagEventLog">http://www.monitoringexchange.org/inventory/Check-Plugins/Operating-Systems/Windows/NagEventLog</A><BR> <BR> It works pretty good, and you can set it up to alert for specific errors or look for all and filter out fluff ones. I even went to far as to figure out the registry settings and push updates for the eventIDs to filter via GPO. Maybe not as glamourous, but it worked pretty good in our environment.<BR><BR>-- <BR>Mat W. - <A href="http://www.techadre.com/">http://www.techadre.com</A><BR><BR><BR> <BR> <HR id=stopSpelling> From: subscription@kkeane.com<BR>To: nagios-users@lists.sourceforge.net<BR>Date: Sat, 24 Jul 2010 12:29:54 -0700<BR>Subject: Re: [Nagios-users] effective use of NSClient++ Eventlog management<BR><BR> <STYLE> .ExternalClass p.ecxMsoNormal, .ExternalClass li.ecxMsoNormal, .ExternalClass div.ecxMsoNormal {margin-bottom:.0001pt;font-size:12.0pt;font-family:'Times New Roman','serif';} .ExternalClass a:link, .ExternalClass span.ecxMsoHyperlink {color:blue;text-decoration:underline;} .ExternalClass a:visited, .ExternalClass span.ecxMsoHyperlinkFollowed {color:purple;text-decoration:underline;} .ExternalClass pre {margin-bottom:.0001pt;font-size:10.0pt;font-family:'Courier New';} .ExternalClass p.ecxMsoAcetate, .ExternalClass li.ecxMsoAcetate, .ExternalClass div.ecxMsoAcetate {margin-bottom:.0001pt;font-size:8.0pt;font-family:'Tahoma','sans-serif';} .ExternalClass span.ecxEmailStyle17 {font-family:'Calibri','sans-serif';color:#1F497D;} .ExternalClass span.ecxHTMLPreformattedChar {font-family:Consolas;} .ExternalClass span.ecxEmailStyle20 {font-family:'Calibri','sans-serif';color:#1F497D;} .ExternalClass span.ecxBalloonTextChar {font-family:'Tahoma','sans-serif';} .ExternalClass .ecxMsoChpDefault {font-size:10.0pt;} @page WordSection1 {size:8.5in 11.0in;} .ExternalClass div.ecxWordSection1 {page:WordSection1;} </STYLE> <DIV class=ecxWordSection1> <P class=ecxMsoNormal><SPAN style="FONT-FAMILY: 'Calibri','sans-serif'; COLOR: #1f497d; FONT-SIZE: 11pt">I wrote my own event log management plugin because I didn’t find one that I liked. You can download it as part of the Sourceforge tntnagiosplugins project. It should work with NSClient++ (although admittedly I am not testing against that).</SPAN></P> <P class=ecxMsoNormal><SPAN style="FONT-FAMILY: 'Calibri','sans-serif'; COLOR: #1f497d; FONT-SIZE: 11pt"> </SPAN></P> <P class=ecxMsoNormal><SPAN style="FONT-FAMILY: 'Calibri','sans-serif'; COLOR: #1f497d; FONT-SIZE: 11pt">It reports critical and warning events on the specified host (it will exclude a number of events that are known to be harmless, for instance DCOM 10009 and about a dozen or so other ones).</SPAN></P> <P class=ecxMsoNormal><SPAN style="FONT-FAMILY: 'Calibri','sans-serif'; COLOR: #1f497d; FONT-SIZE: 11pt"> </SPAN></P> <P class=ecxMsoNormal><SPAN style="FONT-FAMILY: 'Calibri','sans-serif'; COLOR: #1f497d; FONT-SIZE: 11pt">The “top ten events” seems like interesting functionality, but doesn’t really fit very well into the Nagios philosophy. Nagios can ultimately only distinguish between OK, WARNING, CRITICAL. There are better tools for statistical analysis.</SPAN></P> <P class=ecxMsoNormal><SPAN style="FONT-FAMILY: 'Calibri','sans-serif'; COLOR: #1f497d; FONT-SIZE: 11pt"> </SPAN></P> <P class=ecxMsoNormal><SPAN style="FONT-FAMILY: 'Calibri','sans-serif'; COLOR: #1f497d; FONT-SIZE: 11pt">The collection of plugins also contains a separate plugin that reports on login errors.</SPAN></P> <P class=ecxMsoNormal><SPAN style="FONT-FAMILY: 'Calibri','sans-serif'; COLOR: #1f497d; FONT-SIZE: 11pt"> </SPAN></P> <DIV> <DIV style="BORDER-BOTTOM: medium none; BORDER-LEFT: medium none; PADDING-BOTTOM: 0in; PADDING-LEFT: 0in; PADDING-RIGHT: 0in; BORDER-TOP: #b5c4df 1pt solid; BORDER-RIGHT: medium none; PADDING-TOP: 3pt"> <P style="MARGIN-LEFT: 0.5in" class=ecxMsoNormal><B><SPAN style="FONT-FAMILY: 'Tahoma','sans-serif'; FONT-SIZE: 10pt">From:</SPAN></B><SPAN style="FONT-FAMILY: 'Tahoma','sans-serif'; FONT-SIZE: 10pt"> Ron Wilson [mailto:ron@tvnz.co.nz] <BR><B>Sent:</B> Wednesday, July 21, 2010 3:52 PM<BR><B>To:</B> Nagios Users List<BR><B>Subject:</B> Re: [Nagios-users] effective use of NSClient++ Eventlog management</SPAN></P></DIV></DIV> <P style="MARGIN-LEFT: 0.5in" class=ecxMsoNormal> </P> <P style="MARGIN-LEFT: 0.5in" class=ecxMsoNormal><SPAN style="FONT-FAMILY: 'Calibri','sans-serif'; COLOR: #1f497d; FONT-SIZE: 11pt" lang=EN-NZ>I have tried several times over the past year but never managed to get the check_eventlog working. If you have any success do tell us about it</SPAN></P> <P style="MARGIN-LEFT: 0.5in" class=ecxMsoNormal><SPAN style="FONT-FAMILY: 'Calibri','sans-serif'; COLOR: #1f497d; FONT-SIZE: 11pt" lang=EN-NZ> </SPAN></P> <DIV style="BORDER-BOTTOM: medium none; BORDER-LEFT: blue 1.5pt solid; PADDING-BOTTOM: 0in; PADDING-LEFT: 4pt; PADDING-RIGHT: 0in; BORDER-TOP: medium none; BORDER-RIGHT: medium none; PADDING-TOP: 0in"> <DIV> <DIV style="BORDER-BOTTOM: medium none; BORDER-LEFT: medium none; PADDING-BOTTOM: 0in; PADDING-LEFT: 0in; PADDING-RIGHT: 0in; BORDER-TOP: #b5c4df 1pt solid; BORDER-RIGHT: medium none; PADDING-TOP: 3pt"> <P style="MARGIN-LEFT: 0.5in" class=ecxMsoNormal><B><SPAN style="FONT-FAMILY: 'Tahoma','sans-serif'; FONT-SIZE: 10pt">From:</SPAN></B><SPAN style="FONT-FAMILY: 'Tahoma','sans-serif'; FONT-SIZE: 10pt"> keshav murthy [mailto:nkeshav12@gmail.com] <BR><B>Sent:</B> Wednesday, 21 July 2010 10:07 p.m.<BR><B>To:</B> nagios-users@lists.sourceforge.net<BR><B>Subject:</B> [Nagios-users] effective use of NSClient++ Eventlog management</SPAN></P></DIV></DIV> <P style="MARGIN-LEFT: 0.5in" class=ecxMsoNormal><SPAN lang=EN-NZ> </SPAN></P> <DIV> <P style="MARGIN-LEFT: 0.5in" class=ecxMsoNormal><SPAN lang=EN-NZ>Dear all,</SPAN></P></DIV> <DIV> <P style="MARGIN-LEFT: 0.5in" class=ecxMsoNormal><SPAN lang=EN-NZ> </SPAN></P></DIV> <DIV> <P style="MARGIN-LEFT: 0.5in" class=ecxMsoNormal><SPAN lang=EN-NZ>We are moving from pnsclient to NSclient++ for all our windows client. We would like to use the Event log management available with NSClient++.</SPAN></P></DIV> <DIV> <P style="MARGIN-LEFT: 0.5in" class=ecxMsoNormal><SPAN lang=EN-NZ> </SPAN></P></DIV> <DIV> <P style="MARGIN-LEFT: 0.5in" class=ecxMsoNormal><SPAN lang=EN-NZ>We would like to do the following (if it is feasible)</SPAN></P></DIV> <DIV> <P style="MARGIN-LEFT: 0.5in" class=ecxMsoNormal><SPAN lang=EN-NZ> </SPAN></P></DIV> <DIV> <P style="MARGIN-LEFT: 0.5in" class=ecxMsoNormal><SPAN lang=EN-NZ>Top Ten events in all the clients overall. </SPAN></P></DIV> <DIV> <P style="MARGIN-LEFT: 0.5in" class=ecxMsoNormal><SPAN lang=EN-NZ>Critical Event IDs on any server: We are looking for only the critical event ID's (like a AD account lockout event ID etc) to be captured and reported to the nagios server.</SPAN></P></DIV> <DIV> <P style="MARGIN-LEFT: 0.5in" class=ecxMsoNormal><SPAN lang=EN-NZ> </SPAN></P></DIV> <DIV> <P style="MARGIN-LEFT: 0.5in" class=ecxMsoNormal><SPAN lang=EN-NZ>Have anybody started using this eventlog management effectively and what are your way of putting it in place.</SPAN></P></DIV> <DIV> <P style="MARGIN-LEFT: 0.5in" class=ecxMsoNormal><SPAN lang=EN-NZ> </SPAN></P></DIV> <DIV> <P style="MARGIN-LEFT: 0.5in" class=ecxMsoNormal><SPAN lang=EN-NZ>Cheers</SPAN></P></DIV> <DIV> <P style="MARGIN-LEFT: 0.5in" class=ecxMsoNormal><SPAN lang=EN-NZ>Keshav</SPAN></P></DIV></DIV><PRE style="MARGIN-LEFT: 0.5in"><SPAN lang=EN-NZ>==========================================================</SPAN></PRE><PRE style="MARGIN-LEFT: 0.5in"><SPAN lang=EN-NZ>For more information on the Television New Zealand Group, visit us</SPAN></PRE><PRE style="MARGIN-LEFT: 0.5in"><SPAN lang=EN-NZ>online at tvnz.co.nz </SPAN></PRE><PRE style="MARGIN-LEFT: 0.5in"><SPAN lang=EN-NZ>==========================================================</SPAN></PRE><PRE style="MARGIN-LEFT: 0.5in"><SPAN lang=EN-NZ>CAUTION: This e-mail and any attachment(s) contain information that</SPAN></PRE><PRE style="MARGIN-LEFT: 0.5in"><SPAN lang=EN-NZ>is intended to be read only by the named recipient(s). This information</SPAN></PRE><PRE style="MARGIN-LEFT: 0.5in"><SPAN lang=EN-NZ>is not to be used or stored by any other person and/or organisation.</SPAN></PRE></DIV> <br /><hr />The New Busy is not the too busy. Combine all your e-mail accounts with Hotmail. <a href='http://www.windowslive.com/campaign/thenewbusy?tile=multiaccount&ocid=PID28326::T:WLMTAGL:ON:WL:en-US:WM_HMP:042010_4' target='_new'>Get busy.</a></body> </html>