Re: [Nagios-users] NC_Net.EventLog.Receiving error codes.Could I receive more info from the EventLog?
Thanks. You gave me some valuable points to continue my work. I was not using the last version of NC_Net. I will try EVENTLOG_NEW and I will try to implement any of the solutions that you have commented. I will post any result I get.

2007/10/4, Anthony Montibello [EMAIL PROTECTED]:
> WMI should solve this problem for you.
>
> First off, make sure you're using the current version of NC_Net 4.1a and you would have access to a more optimized event log check called eventlog_new. The output is the same, thus it does not give what you are looking for. (But it may be more optimized than the WMI. You would need to test this.) If it is a quicker test, I recommend using it and setting up event handlers or manually running check_nt using WMI to get the file name. Note this assumes that you normally do not get an alert, so you would want the checking to induce the least load.
>
> If you know the names of the files you can set up separate checks using the REGEXP of the EVENTLOG_NEW and this would serve as a workaround.
>
> If you're looking for the files being modified, FILEAGE may be a good workaround.
>
> You should be able to set up an event handler that takes the EVENTID reported by EVENTLOG check and runs a WMICAT, query the WMI (Windows Management interface) for the Event Log Message. CLASS - CIMV2 Win32_NTLogEvent - has the events and the messages in it. Writing a query to it may be tricky, but if you need the file name from the Message field this is the way to get it without writing new scripts, or paying for upgrades.
>
> Or just run WMI checks directly and use wrapper scripts to interpret the results. Please note on this, if a query has no match there may be a NO OUTPUT error.

--
Florencio Cano Gabarda

This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems? Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now http://get.splunk.com/

Nagios-users mailing list
Nagios-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue.
::: Messages without supporting info will risk being sent to /dev/null
Re: [Nagios-users] NC_Net.EventLog.Receiving error codes.Could I receive more info from the EventLog?
Just to clarify, Eventlog_new should be a cleaner command line, and should cut down in time to complete. It will NOT return the Message field of the events!

Tony (Author of NC_Net)

On 10/5/07, Florencio Cano [EMAIL PROTECTED] wrote:
> Thanks. You gave me some valuable points to continue my work. I was not using the last version of NC_Net. I will try EVENTLOG_NEW and I will try to implement any of the solutions that you have commented. I will post any result I get.
>
> 2007/10/4, Anthony Montibello [EMAIL PROTECTED]:
> > WMI should solve this problem for you.
> >
> > First off, make sure you're using the current version of NC_Net 4.1a and you would have access to a more optimized event log check called eventlog_new. The output is the same, thus it does not give what you are looking for. (But it may be more optimized than the WMI. You would need to test this.) If it is a quicker test, I recommend using it and setting up event handlers or manually running check_nt using WMI to get the file name. Note this assumes that you normally do not get an alert, so you would want the checking to induce the least load.
> >
> > If you know the names of the files you can set up separate checks using the REGEXP of the EVENTLOG_NEW and this would serve as a workaround.
> >
> > If you're looking for the files being modified, FILEAGE may be a good workaround.
> >
> > You should be able to set up an event handler that takes the EVENTID reported by EVENTLOG check and runs a WMICAT, query the WMI (Windows Management interface) for the Event Log Message. CLASS - CIMV2 Win32_NTLogEvent - has the events and the messages in it. Writing a query to it may be tricky, but if you need the file name from the Message field this is the way to get it without writing new scripts, or paying for upgrades.
> >
> > Or just run WMI checks directly and use wrapper scripts to interpret the results. Please note on this, if a query has no match there may be a NO OUTPUT error.
>
> --
> Florencio Cano Gabarda
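The wrapper-script approach from the message above (fetch the event Message through WMI, then interpret it on the Nagios side), as an added example that is not part of the thread or of NC_Net. It assumes the Message text of the matching Win32_NTLogEvent records has already been retrieved; the function names, the `Object Name` label and the sample message are constructed for illustration.

```python
import re

OK, WARNING, CRITICAL, UNKNOWN = 0, 1, 2, 3  # standard Nagios plugin exit codes

# Assumption: the label that precedes the file name in the Message text.
# Message text is localized, so a Spanish installation needs its own label.
OBJECT_LABEL = "Object Name"

def extract_object_names(messages, label=OBJECT_LABEL):
    """Return the value that follows '<label>:' in each event Message."""
    pattern = re.compile(r"^\s*" + re.escape(label) + r"\s*:\s*(.+?)\s*$",
                         re.MULTILINE | re.IGNORECASE)
    names = []
    for msg in messages:
        match = pattern.search(msg or "")
        if match:
            names.append(match.group(1))
    return names

def sanitize(text, limit=200):
    """File names originate on the audited host: drop '|' (Nagios perfdata
    separator) and control characters before echoing them in plugin output."""
    return re.sub(r"[|\x00-\x1f]", " ", text)[:limit]

def check_audit(messages, watched, label=OBJECT_LABEL):
    """Map the Message fields returned by the WMI query to (exit_code, line)."""
    if not messages:
        # A query with no matching event is the healthy case, not an error.
        return OK, "OK - no audit events matched"
    names = extract_object_names(messages, label)
    if not names:
        return UNKNOWN, "UNKNOWN - %d event(s) without a '%s' field" % (
            len(messages), label)
    watched_lc = {w.lower() for w in watched}  # Windows paths ignore case
    hits = sorted({n for n in names if n.lower() in watched_lc})
    if hits:
        return CRITICAL, "CRITICAL - access to " + ", ".join(
            sanitize(h) for h in hits)
    return OK, "OK - %d audit event(s), none on watched files" % len(names)

# Constructed, simplified Message text; not captured from a real host.
SAMPLE = ["Object Open:\r\n\tObject Type:\tFile\r\n"
          "\tObject Name:\tC:\\Docs\\secret.doc\r\n\tPrimary User Name:\tjdoe\r\n"]

if __name__ == "__main__":
    code, line = check_audit(SAMPLE, ["C:\\Docs\\secret.doc"])
    print(line)
    raise SystemExit(code)
```

Treating an empty result as OK keeps the no-match case from surfacing as a plugin error in Nagios.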
[Nagios-users] NC_Net.EventLog.Receiving error codes.Could I receive more info from the EventLog?
Hello,

Thanks to Hugo and Roger's help I've been able to check the Windows 2003 EventLog from the Nagios server. My idea is to audit access to some objects in the Windows 2003 machine, for example a confidential document. And I want to see an alert in Nagios when I receive this information from the Windows EventLog Plugin (check_nt -v EVENTLOG). But now I'm receiving only the error codes, and I want to receive more of the info detailed in the EventLog, for example the object name (filename in my case). Is this possible?

And I wanted to say that I'm using NC_Net in a Spanish Windows 2003 installation and it seems to run OK.

--
Florencio Cano Gabarda