Thanks for the info,
Great that it can be done with the NSClient++ as I have it installed on all our
servers.
What do I need to define in the NSClient++ agent and where ?
Is it in the .ini file or elsewhere ?
Regards,
Tim.
From: Frater, Greg J [mailto:[EMAIL PROTECTED]
Sent: Monday, 2 June 2008 21:41
To: Tim Van Caeyzeele
Cc: nagios-users@lists.sourceforge.net
Subject: Re: [Nagios-users] Monitoring Windows Eventviewer
>Dear All,
>Would anyone have experience in checking the windows eventviewer for certain
>events, or turning nagios red in case of ERRORs ?
>What script are you using ? preferably something that can simply interact with
>NSClient
We do this using the NSClient++ agent
(www.nsclient.org). It checks the event logs and
filters them based on criteria you define, alerting when the number of hits you
specify is reached (i.e. when the system log has 1 or more events with an ID of
XXXX within the last 10 minutes send alerts). Here is an example we use to
monitor for a specific Oracle error. In the example we check the "application"
log of the server every "60" minutes for events with an ID of "20" with event
type of "Error" containing a string in the text of the message "Can not
allocate log", check turns critical after 1 matching event is found that is
time stamped within the last "65" minutes.
Checkcommands.cfg:
define command{
        command_name    check_eventlogs
        command_line    $USER1$/check_nrpe -H $HOSTADDRESS$ -p 5666 -c checkEventLog -a filter=new $ARG1$ MaxWarn=$ARG2$ MaxCrit=$ARG3$ filter-generated=\$ARG4$ $ARG5$ truncate=$ARG6$
        # Desc:
        # $ARG1$ = event logs to check (i.e. file=system file=application)
        # $ARG2$ = Warning level (i.e. number of hits to generate a warning response)
        # $ARG3$ = Critical level (i.e. number of hits to generate a critical response)
        # $ARG4$ = Time period (i.e. 1 day is '1d' 30 hours is '>30h')
        # $ARG5$ = Filters (i.e. filter-eventID==9009 filter-eventSource=Tcpip)
        #          see http://www.nsclient.org/nscp/wiki/CheckEventLog/CheckEventLog for detailed info
        # $ARG6$ = Amount of data to return in characters (i.e. truncate=150)
        # Example: check_nrpe -H server_name_here -p 5666 -c checkEventLog -a filter=new file=system MaxWarn=1 MaxCrit=1 filter-generated=\>30h filter+eventID==10002 descriptions truncate=138
        }
Services.cfg:
define service{
        use                     standard-srv
        service_description     eventlog: Oracle archive log errors
        check_command           check_eventlogs!file=application!1!1!>65m!filter+eventID==20 filter+eventType==error filter+message=substr:"Can not allocate log"!100
        normal_check_interval   60
        notification_options    w,c
        contact_groups          apps
        host_name               server1, server2
        }
HTH,
-greg
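
The check described above, modelled as an added example that is not part of either message and is not NSClient++ code: it splits the check_command from Services.cfg into its six arguments and applies them to a few constructed events. Only the three filter forms and the minute unit used in that service definition are handled; the event records and the reference time are assumptions.

```python
import shlex
from datetime import datetime, timedelta

# check_command string from the service definition; '!' separates $ARG1$..$ARG6$.
CHECK_COMMAND = ('check_eventlogs!file=application!1!1!>65m!filter+eventID==20 '
                 'filter+eventType==error '
                 'filter+message=substr:"Can not allocate log"!100')

def parse_check(check_command):
    """Split the check_command into the six arguments the command definition uses."""
    _name, logs, warn, crit, window, filters, trunc = check_command.split('!')
    rules = {}
    for token in shlex.split(filters):      # keeps the quoted substring in one token
        key, _, value = token[len('filter+'):].partition('=')
        rules[key] = value.lstrip('=')      # handles both '==20' and '=substr:...'
    return {'logs': [item.split('=', 1)[1] for item in logs.split()],
            'warn': int(warn), 'crit': int(crit),
            'max_age': timedelta(minutes=int(window.strip('>m'))),  # 'm' unit only
            'rules': rules, 'truncate': int(trunc)}

def matches(event, check, now):
    """True if the event is inside the time window and meets every filter+ rule."""
    rules = check['rules']
    return (event['log'] in check['logs']
            and now - event['generated'] <= check['max_age']
            and event['id'] == int(rules['eventID'])
            and event['type'].lower() == rules['eventType'].lower()
            and rules['message'].split(':', 1)[1] in event['message'])

def evaluate(events, check, now):
    """Return (Nagios exit code, status line) from hit count vs. MaxWarn/MaxCrit."""
    hits = [e for e in events if matches(e, check, now)]
    code = 2 if len(hits) >= check['crit'] else 1 if len(hits) >= check['warn'] else 0
    detail = '; '.join(e['message'] for e in hits)[:check['truncate']]
    return code, f"{('OK', 'WARNING', 'CRITICAL')[code]}: {len(hits)} hit(s) {detail}".rstrip()

# Constructed sample events (not real log data); NOW is a fixed reference time.
NOW = datetime(2008, 6, 2, 22, 0)
def _ev(log, eid, etype, age_min, msg):
    return {'log': log, 'id': eid, 'type': etype, 'message': msg,
            'generated': NOW - timedelta(minutes=age_min)}
EVENTS = [_ev('application', 20, 'Error', 30, 'Can not allocate log, archival required'),
          _ev('application', 20, 'Error', 90, 'Can not allocate log'),     # too old
          _ev('application', 20, 'Warning', 5, 'Can not allocate log'),   # wrong type
          _ev('system', 20, 'Error', 5, 'Can not allocate log')]          # wrong log

if __name__ == '__main__':
    print(evaluate(EVENTS, parse_check(CHECK_COMMAND), NOW)[1])
```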