Ideas (#2) - Windows Event Logs (#379) - Message List
I am new to Nagios, NSClient, etc. I currently have NSClient++ installed on all my Windows servers and would like to monitor the event logs. I am using Groundwork 5.3 and I was wondering if I can set up NSClient++ to only show warnings and critical errors, or if you can advise some best practice for NSClient++ and event log monitoring and possibly show some examples. Thanks in advance for your help.
Yes it is possible to show only warnings and errors. Here's an example of how I'm doing it. From the command line the CheckEventLog check looks like this:
./check_nrpe -H $HOSTADDRESS$ -p 5666 -t 30 -c CheckEventLog -a file=application file=security file=system MaxWarn=60 MaxCrit=3600 filter=new filter=out filter-generated=\>65m filter-eventType==info filter-eventType==auditSuccess unique syntax="%source%(%count%)" truncate=999
Writing this check command in (sort of) plain English, it goes something like this: Hey let's check the application, security, and system logs (file=application file=security file=system), set a level of warning at 60 events and critical at 3600 (MaxWarn=60 MaxCrit=3600). Use the new checkeventlog format (filter=new) in an exclude style (filter=out). Filter out items older than 65 minutes (filter-generated=\>65m), filter out events of type information and Audit Success (filter-eventType==info filter-eventType==auditSuccess), display (whatever events are left) show unique results in the format of source (number of this type of event) (unique syntax="%source%(%count%)"). Cut off results at 999 bytes (truncate=999).
You will also want to add the following to your nsc.ini file. Use a buffer size of 524287 or smaller.
PS: Your question should have been posted to the Help section of the forum, not the Ideas section.
-greggjfrater 06/09/09 17:20:47 (4 years ago)
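Added example, not part of the original posts and not NSClient++ code: a simplified Python model of the filter chain described in the reply above, run over constructed sample events. The grouping key (source only), the ", " separator and the strictly-greater-than threshold comparison are assumptions; the function names and event records are hypothetical.

```python
from collections import Counter
from datetime import datetime, timedelta

# Values copied from the check command in the post above.
MAX_WARN, MAX_CRIT = 60, 3600               # MaxWarn=60 MaxCrit=3600
MAX_AGE = timedelta(minutes=65)             # filter-generated=\>65m
EXCLUDED_TYPES = {"info", "auditSuccess"}   # filter-eventType==...
TRUNCATE = 999                              # truncate=999
STATES = {0: "OK", 1: "WARNING", 2: "CRITICAL"}  # Nagios plugin exit codes

def check_event_log(events, now):
    """Simplified model of the check (assumption, not NSClient++ source)."""
    # filter=out: an event matching any filter rule is dropped.
    kept = [e for e in events
            if now - e["generated"] <= MAX_AGE
            and e["type"] not in EXCLUDED_TYPES]
    # unique + syntax="%source%(%count%)": one entry per source (assumed
    # grouping key), joined with ", " (assumed separator).
    per_source = Counter(e["source"] for e in kept)
    message = ", ".join(f"{src}({n})" for src, n in per_source.items())
    # Assumption: thresholds compare the number of remaining events,
    # and a state is raised only when the count exceeds the maximum.
    total = len(kept)
    state = 2 if total > MAX_CRIT else 1 if total > MAX_WARN else 0
    return state, total, message[:TRUNCATE]

def sample_events(now):
    """Constructed sample data: (count, type, source, age in minutes)."""
    spec = [
        (70, "error", "Service Control Manager", 10),
        (5, "warning", "Disk", 30),
        (100, "info", "MsiInstaller", 5),        # dropped: type info
        (20, "auditSuccess", "Security", 1),     # dropped: type auditSuccess
        (3, "error", "Disk", 120),               # dropped: older than 65m
        (1, "auditFailure", "Security", 20),     # kept: failures not filtered
    ]
    return [{"type": t, "source": s, "generated": now - timedelta(minutes=age)}
            for n, t, s, age in spec for _ in range(n)]

if __name__ == "__main__":
    now = datetime(2024, 1, 1, 12, 0)  # constructed timestamp
    state, total, message = check_event_log(sample_events(now), now)
    print(f"{STATES[state]}: {total} events: {message}")
```

With this filter set, failed audits (auditFailure) still count toward the thresholds while successful audits do not, which keeps failed logons visible without the volume of routine Security log entries.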