Windows Event Log

Guy Goodenough GGoodenough at gaithersburgmd.gov
Tue Apr 5 21:59:23 CEST 2011


Ed,

I do Windows event log checking a fair amount in my environment; however, I use NRPE to do it. I’m not sure what it would take to implement an NRPE check on your network, but here’s code to do it:

../../libexec/check_nrpe -H 10.0.94.22 -c CheckEventLog -a filter=new file=Application file=System MaxWarn=1 MaxCrit=1 filter+generated=\<1h filter+eventSource="EmailManager" filter=in filter=all "syntax=%source%: %message%: (%count%)" descriptions=true unique truncate=1023

I believe you will need to configure the nsc.ini for the NSclient to allow NRPE checks and need port 5666 open to do them.

Hope this helps,

Guy Goodenough
Network/Operations Manager
City of Gaithersburg
31 South Summit Avenue
Gaithersburg, MD 20877-2098
Phone: 301 258 6325
Fax: 301 258 6326
http://www.gaithersburgmd.gov/
_____________________________________

The opinions expressed in this message are not necessarily those of the City of Gaithersburg Staff, Mayor or Council.



From: Edwin Zoeller [mailto:Edwin.Zoeller at ama-assn.org] 
Sent: Tuesday, April 05, 2011 9:26 AM
To: Nagios Users List
Subject: [Nagios-users] Windows Event Log
Importance: High

I was asked to see if we can capture and alert on an event that happens often on one of our NT servers. Below is the event:
 
Ed,
As we just discussed, here is a paste of the exact text of the Warning from the Application Event Log and a screenshot with all the details for the message that is generated every 60 seconds when the servers have a problem negotiating a connection. As this has become a reoccurring problem, Paul has asked that we monitor this and send out alerts so we can jump on it next time it happens. Please call me with any questions. Thanks



Server Name: PBX003
Application Log 

EmailManager EventCode:25000 Level:2 Email - An exception was caught trying to connect to host : exchange.americanmedicalassociation.org, Inbox: Ama_nt\hppcmail, javax.mail.MessagingException: Connect failed; nested exception is:avax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake




What I did was to download and have the NT folks invoke the event_agent.exe file. Then from my Nagios host side (Linux), execute the check_win_eventlog.pl script, and fill in the parameters that I think are correct. When I execute the script from the Nagios server side to test, it just seems to hang and the NT admins sent me the screen below.
I am not a Windows person so I am not sure that I am testing this correctly. So what I am asking is if someone with more knowledge of what I am trying to accomplish could help me out. Here is what I am running for the Server side:

../../libexec/check_win_eventlog.pl -H 10.0.94.22 -l 'Application' -s 'EmailManager' -m '*:+Connect failed' -t Warning
And below is what the Windows people are seeing on their side.
This was in dos window b4 I closed it out. We can do it again Mon.
 

 
 
 
Any help or guidance would be greatly appreciated.
 
Thanks again,
 
Ed Zoeller
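
The nsc.ini change mentioned in the reply, sketched as an added example (not from either poster or from the NSClient++ project). It assumes the NSClient++ 0.3.x NSC.ini layout, a placeholder Nagios server address and a hypothetical alias name, and it defines the check on the Windows side so the agent does not have to accept caller-supplied arguments.

```ini
; NSC.ini fragment for NSClient++ 0.3.x (assumed version; section and key
; names follow that release's default NSC.ini). Constructed example.

[modules]
NRPEListener.dll
CheckEventLog.dll
; Needed for the [External Alias] section below
CheckExternalScripts.dll

[Settings]
use_file=1
; Only the Nagios server may connect. 192.0.2.10 is a placeholder address.
allowed_hosts=192.0.2.10

[NRPE]
port=5666
use_ssl=1
; Refuse arguments sent by the caller. The -a form of the check needs
; allow_arguments=1, and allow_nasty_meta_chars=1 as well because its
; filter+generated argument contains a < character.
allow_arguments=0
allow_nasty_meta_chars=0

[External Alias]
; Hypothetical alias name. The arguments are the ones from the command in the
; reply, without the shell quoting and escaping (\<) needed on the Linux side.
alias_emailmanager_log=CheckEventLog filter=new file=Application file=System MaxWarn=1 MaxCrit=1 filter+generated=<1h filter+eventSource=EmailManager filter=in filter=all "syntax=%source%: %message%: (%count%)" descriptions=true unique truncate=1023

; From the Nagios server the check then takes no -a arguments:
;   ../../libexec/check_nrpe -H 10.0.94.22 -c alias_emailmanager_log
```

Port 5666 then only needs to be reachable from the Nagios server, and the NSClient++ service has to be restarted to pick up the change.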