Ideas (#2) - Windows Event Logs (#379) - Message List
Hi,
I am new to Nagios, NSClient, etc. I currently have NSClient++ installed on all my Windows servers and would like to monitor the event logs. I am using Groundwork 5.3 and I was wondering if I can set up NSClient++ to only show warnings and critical errors, or if you can advise some best practice for NSClient++ and event log monitoring and possibly show some examples. Thanks in advance for your help.
-
Message #1223
Yes it is possible to show only warnings and errors. Here's an example of how I'm doing it. From the command line the CheckEventLog check looks like this:
./check_nrpe -H $HOSTADDRESS$ -p 5666 -t 30 -c CheckEventLog -a file=application file=security file=system MaxWarn=60 MaxCrit=3600 filter=new filter=out filter-generated=\>65m filter-eventType==info filter-eventType==auditSuccess unique syntax="%source%(%count%)" truncate=999
Writing this check command in (sort of) plain English, it goes something like this: Hey, let's check the application, security, and system logs (file=application file=security file=system), set a level of warning at 60 events and critical at 3600 (MaxWarn=60 MaxCrit=3600). Use the new checkeventlog format (filter=new) in an exclude style (filter=out). Filter out items older than 65 minutes (filter-generated=\>65m), filter out events of type information and Audit Success (filter-eventType==info filter-eventType==auditSuccess), display (whatever events are left) show unique results in the format of source (number of this type of event) (unique syntax="%source%(%count%)"). Cut off results at 999 bytes (truncate=999).
You will also want to add the following to your nsc.ini file. Use a buffer size of 524287 or smaller.
[EventLog]
buffer_size=524287
PS: Your question should have been posted to the Help section of the forum, not the Ideas section.
Regards,
-greg
gjfrater 06/09/09 17:20:47 (4 years ago)
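The filter logic walked through in Message #1223, modelled in Python as an added example (not part of the original post and not NSClient++ code). The event records are constructed, and grouping on source only, the ", " separator and the "count exceeds the bound" comparison are assumptions made for illustration.

```python
from collections import Counter

# Constructed sample events: (log, source, event type, age in minutes).
SAMPLE_EVENTS = [
    ("application", "MSSQLSERVER", "error", 12),
    ("application", "MSSQLSERVER", "error", 40),
    ("application", "MsiInstaller", "info", 5),
    ("security", "Security", "auditSuccess", 3),
    ("security", "Security", "auditFailure", 8),
    ("security", "Security", "auditFailure", 9),
    ("system", "Disk", "warning", 30),
    ("system", "Disk", "error", 300),  # older than the 65 minute window
]


def check_event_log(events, max_warn=60, max_crit=3600, max_age_min=65,
                    excluded_types=("info", "auditSuccess"), truncate=999):
    """Model of the posted check: exclude filter, grouped output, thresholds."""
    kept = [
        e for e in events
        # filter=out: an event is dropped if ANY exclude rule matches it,
        # so types that are not listed (e.g. auditFailure) are kept.
        if not (e[3] > max_age_min or e[2] in excluded_types)
    ]
    # Assumption: group on source only, mirroring syntax="%source%(%count%)".
    per_source = Counter(source for _, source, _, _ in kept)
    message = ", ".join(f"{s}({n})" for s, n in sorted(per_source.items()))
    # truncate=999: long output is cut, so trailing sources can disappear
    # (characters here; the sample is ASCII, so bytes and characters agree).
    message = message[:truncate]
    # Assumption: a state is raised when the count exceeds the bound.
    count = len(kept)
    if count > max_crit:
        status = "CRITICAL"
    elif count > max_warn:
        status = "WARNING"
    else:
        status = "OK"
    return status, count, message


if __name__ == "__main__":
    print(check_event_log(SAMPLE_EVENTS))
    # Lower bounds to see the state transitions with the small sample.
    print(check_event_log(SAMPLE_EVENTS, max_warn=3, max_crit=10))
```

With the posted bounds the five remaining events stay OK; the audit failures survive the filter because only info and auditSuccess are excluded.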








