nagios as message log server

Neil neil-on-nagios at restricted.dyndns.org
Sat Feb 21 07:31:18 CET 2004


Hi Jeff, 

Thanks for the link. Anyways, about a month ago, we had a thread related to 
email notifications. And also, during that time, I had some questions 
related to critical events being logged in either Event Viewer or syslogd. I 
had a solution to this, which was swatch. But someone recommended that it 
would be a good idea to have a centralized logging system. So, they helped 
me with how to configure addons so that they can submit checks to nagios. 

It's nice to have all the system/critical events from all over the 
enterprise sent to a central logging system, in this case, nagios. But 
what I am worried about now is that we aren't actually monitoring a service, 
but just waiting for a critical message in /var/log/messages or a critical 
event sent by Snare for Windows. 

Let's take this as an example. NOTE: "SNARE for Windows" will send this to a 
syslogd daemon in just one line. 

 -------start-------
Event Type:	Error
Event Source:	W32Time
Event Category:	None
Event ID:	17
Date:		2/18/2004
Time:		1:39:44 AM
User:		N/A
Computer:	XP
Description:
Time Provider NtpClient: An error occurred during DNS lookup of the manually 
configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup 
again in 15 minutes. The error was: A socket operation was attempted to an 
unreachable host. (0x80072751)
 --------end-------- 

Now we have swatch or sec.pl watching for the string /error occurred during DNS 
lookup/; swatch/sec.pl is then configured, based on this rule, to execute a 
script. This script will echo the result to nagios.cmd. Nagios then sees the 
result and flags the status as CRITICAL. 

Since this isn't a service, I can't find a solution for how I can restore 
the state back to OK, especially if the machine that sent this message 
via send_nsca is behind a firewall. Bottom line here, all we want is email 
notification. 

Maybe someone here who uses Nagios as a central logging server will be able to 
enlighten me in this scenario/situation. 

Thank you very much in advance. 

Neil 


jeff vier writes: 

> On Thu, 2004-02-19 at 17:32, Neil wrote:
>> Assuming we have configured nagios as the central machine for doing 
>> machine(unified messaging system), now, one thing I don't get now is that if 
>> we get a message/snmp-trap that we were monitoring, how do we get the status 
>> back in OK state? 
> 
> Manually. 
> 
> Docs not specific to "regular" snmp trapping, but explains the situation
> really well:
> http://snmptt.sourceforge.net/docs/snmptt.shtml#Nagios-Netsaint 
> 
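
The passive-check flow discussed in this thread (a log watcher matches a string, a script writes a result to nagios.cmd, and the state is later reset manually), as an added example that is not part of the original messages. The service description `EventLog`, the command-file path and the helper names are assumptions; log text is sanitized because it originates on remote hosts and ends up in the Nagios command pipe.

```sh
#!/bin/sh
# Added example; names below are assumptions, not from the thread.
NAGIOS_CMD="${NAGIOS_CMD:-/usr/local/nagios/var/rw/nagios.cmd}"  # assumed path
SERVICE="EventLog"   # hypothetical passive service defined on the Nagios side

# Log text comes from remote hosts. CR/LF would begin a second command in
# the pipe, ';' separates fields and '|' starts perfdata: blank them out.
sanitize() {
    printf '%s' "$1" | tr '\r\n;|' '    ' | cut -c1-200
}

# build_result HOST SERVICE CODE TEXT [EPOCH]: print one external command.
build_result() {
    case "$3" in
        0|1|2|3) ;;
        *) echo "bad return code: $3" >&2; return 1 ;;
    esac
    ts="${5:-$(date +%s)}"
    printf '[%s] PROCESS_SERVICE_CHECK_RESULT;%s;%s;%s;%s\n' \
        "$ts" "$(sanitize "$1")" "$(sanitize "$2")" "$3" "$(sanitize "$4")"
}

# What the swatch/sec.pl rule runs on a match: CRITICAL (2).
raise_critical() { build_result "$1" "$SERVICE" 2 "$2" "$3"; }

# The manual reset: an operator submits OK (0) for the same host and service.
reset_ok() { build_result "$1" "$SERVICE" 0 "cleared manually by operator" "$2"; }

# submit LINE: write to the command file only if it really is a named pipe.
submit() {
    [ -p "$NAGIOS_CMD" ] || { echo "no command pipe at $NAGIOS_CMD" >&2; return 1; }
    printf '%s\n' "$1" > "$NAGIOS_CMD"
}

# Constructed usage (not run on load):
#   submit "$(raise_critical XP 'error occurred during DNS lookup')"
#   submit "$(reset_ok XP)"
```

The OK result has to name the same host and service description as the CRITICAL one, otherwise Nagios treats it as a different service and the alert stays raised.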
 

