Windows Eventlog Addon/Plugin published
David Clack
david at clack.org.uk
Sun Jul 13 11:18:36 CEST 2003
Interesting seeing how other people monitor Windows event logs with
Nagios.
I use the dumpel.exe (dump event log) tool that comes with the Windows
NT Resource Kit. I just dump the application, system & security logs
from all Windows servers to a Samba share on the Nagios machine. Logs
can be dumped to comma or tab separated files. Then I just use awk/sh
scripts to scan the logs and report on events. Handy to awk in HTML &
<table> tags so they can be linked to & displayed in HTML.
I like this way as it saves having a client on the Windows machines. I
just run a batch file every few mins off one of the Windows servers &
that dumps the logs off all of them.
Anyone know what happened to NSClientEVL? Or got any other ways of doing
this?
Cheers
Dave.
-----Original Message-----
From: nagios-users-admin at lists.sourceforge.net
[mailto:nagios-users-admin at lists.sourceforge.net] On Behalf Of Russell
Adams
Sent: 11 July 2003 20:17
To: nagios-users at lists.sourceforge.net
Subject: Re: [Nagios-users] Re: Windows Eventlog Addon/Plugin published
I monitor Windows servers for similar conditions.
However, I use Event Reporter on Windows to forward the Event Log to a
linux syslog server running syslog-ng. I then use Logmuncher to report
on the contents of the logs at 5 minute intervals.
I find this much easier and comprehensive than trying to detect logs
with Netsaint/Nagios. It would be trivial to modify the setup to send
passive alerts to Nagios upon receiving a critical message.
Russell
On Fri, Jul 11, 2003 at 02:32:59PM -0300, Rainer wrote:
> Hello Martin,
>
> That's a very interesting idea.
> I was reading the plugin examples on your site, and I think I can use
> it for an idea I had the other day.
> I want to monitor the 'Application' Eventlog using your plugin, and
> have Nagios send me a notification when it finds an 'Error' type log
> from Norton Antivirus stating it has found a virus.
> The 'Event Source' is "Norton AntiVirus" and the 'Event ID' is "5".
> The 'Description' is usually something like this:
> "Virus Found!Virus name: W32.Klez.gen at mm in File
> C:\somedir\somefile.exe by: Realtime Protection scan. Action: Clean
> failed : Quarantine succeeded : Access denied".
> I want the plugin to send me the event description as its $OUTPUT$.
> My question is: how does your plugin keep track of which event logs
> were detected? I mean, if the plugin finds an error event such as the
> one above and sends me a notification, will it resend the notification
> the next time the plugin is run (ex. 20 minutes later)? I want it to
> send the notification only the first time the event log is detected.
> Could this be done?
>
> Best regards,
> Rainer Alves
> Unisys Brazil
>
> > Hi,
> >
> > we have just released our first public version of a Windows Eventlog
> > Plugin for Nagios.
> > Details can be found on
> >
> > http://naplax.sourceforge.net
> >
> > This addon allows Nagios to monitor Windows EventLogs by querying an
> > agent installed on the Windows machine (the agent is part of this
> > package.) While by default every event is notified by Nagios,
> > extensive filtering can be defined through various parameters. You
> > can do "anything but XY" or "nothing but XY" notifications or some
> > strange things between these two.
> >
> > Martin Schmitz
> > net&works Netzwerke und Service GmbH
> > Luetzerodestrasse 12
> > D-30161 Hannover, Germany
> >
> > PGP fingerprint: 225E A59C C08A 9ED5 9003 01A1 399B BFE0 6450 CA40
> >
> > *** Visit us on the web: http://www.naw.de !!! ***
> >
>
>
>
> -------------------------------------------------------
> This SF.Net email sponsored by: Parasoft
> Error proof Web apps, automate testing & more.
> Download & eval WebKing and get a free book.
> www.parasoft.com/bulletproofapps1
> _______________________________________________
> Nagios-users mailing list
> Nagios-users at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/nagios-users
> ::: Please include Nagios version, plugin version (-v) and OS when
> reporting any issue.
> ::: Messages without supporting info will risk being sent to /dev/null
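An added example, not code from anyone in this thread: one way to combine the awk/sh scan of a comma-separated event log dump with the "notify only the first time" behaviour asked about above, by keeping a state file of records already reported. The column layout, the function names and the sample records are assumptions made for the example.

```shell
#!/bin/sh
# Added example. Assumed dump layout (comma separated, one record per line):
#   date,time,type,category,event_id,source,user,computer,description...

# Constructed sample records, written with CRLF line endings as a Windows tool would.
write_sample_dump() {
    awk '{ printf "%s\r\n", $0 }' > "$1" <<'EOF'
7/11/2003,2:30:01 PM,1,0,5,Norton AntiVirus,N/A,SRV01,Virus Found!Virus name: W32.Klez.gen at mm in File C:\somedir\somefile.exe Action: Clean failed | Quarantine succeeded
7/11/2003,2:31:10 PM,4,0,7,Norton AntiVirus,N/A,SRV01,Scan complete, nothing found
7/11/2003,2:35:44 PM,1,0,5,Norton AntiVirus,N/A,SRV02,Virus Found!Virus name: W32.Klez.gen at mm in File C:\somedir\other.exe
EOF
}

# scan_new_events DUMP STATE SOURCE EVENT_ID
# Prints one Nagios-style status line. Returns 2 (CRITICAL) when the dump holds
# matching records not yet listed in STATE, else 0 (OK). New records are
# appended to STATE, so a re-dumped log does not alert again.
scan_new_events() {
    dump=$1 state=$2 src=$3 id=$4
    [ -f "$state" ] || : > "$state"
    new=$(awk -F, -v src="$src" -v id="$id" '
        { sub(/\r$/, "") }                           # tolerate CRLF dumps
        FILENAME == ARGV[1] { seen[$0] = 1; next }   # state file: already reported
        $6 == src && $5 == id && !($0 in seen) { seen[$0] = 1; print }
    ' "$state" "$dump")
    if [ -z "$new" ]; then
        printf 'OK - no new "%s" events with ID %s\n' "$src" "$id"
        return 0
    fi
    printf '%s\n' "$new" >> "$state"
    count=$(printf '%s\n' "$new" | wc -l | tr -d ' ')
    # Log text is untrusted: drop "|" (Nagios perfdata separator) and control characters.
    first=$(printf '%s\n' "$new" | head -n 1 | cut -d, -f8- | tr -d '|[:cntrl:]')
    printf 'CRITICAL - %s new event(s), first: %s\n' "$count" "$first"
    return 2
}

# Demo on the constructed sample: the first run alerts, the second stays quiet.
tmp=$(mktemp -d) && write_sample_dump "$tmp/app.csv"
scan_new_events "$tmp/app.csv" "$tmp/seen" "Norton AntiVirus" 5
scan_new_events "$tmp/app.csv" "$tmp/seen" "Norton AntiVirus" 5
rm -rf "$tmp"
```

The state file grows with every reported record, so it needs pruning on whatever schedule the event logs themselves are cleared.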