Monitoring Windows Event Log from Nagios
Ludo Bosmans
ludo.bosmans at xtenso.be
Wed May 12 10:14:05 CEST 2004
Steve,
I'm glad that I can advise the creator of "routers2.cgi" and other nice
tools for drawing graphs.
Have a look at "SNARE": http://www.intersectalliance.com/projects/
Snare Agent for Windows
Snare for Windows is a Windows NT, Windows 2000, Windows XP, and Windows
2003 compatible service that interacts with the underlying Windows Eventlog
subsystem to facilitate remote, real-time transfer of event log information.
Event logs from the Security, Application and System logs, as well as the
new DNS, File Replication Service, and Active Directory logs are supported.
Log data is converted to text format, and delivered to a remote Snare
Server, or to a remote SYSLOG server.
SNARE for Windows is free software (freeware), released under the terms of
the GNU Public Licence.
I'm still busy working out a solution, but let me point out the way I am
trying to set it up.
Currently I have installed the SNARE agent on two Windows servers. The agent
is configured to forward the event log entries to the syslog daemon on the
Nagios server.
On the Nagios server I use a script that is respawned by inittab and that
follows the syslog messages file. This script is responsible for filtering
the received messages on fields such as the "Snare HOST_NAME", criticality
level, event type, ... and finally submitting results to a specific passive
service, e.g. "Security WinEventlog", "Application WinEventlog", "System
WinEventlog"...
The "Snare HOST_NAME" is a configurable parameter that is passed together
with the Windows event log fields. I keep this the same as the host_name for
which I have currently set up 3 passive checks (Security, Application,
System) per host_name.
Additionally I have also set up the same services on the Nagios server. When
I receive a Snare host_name message that I can't look up as a configured
host_name, I submit a warning to the Nagios server's specific winevent
services so that alerts don't get lost.
Further, the script keeps an array that contains the host_name and a time
stamp of when the last result was
-----Original Message-----
From: Steve Shipway [mailto:s.shipway at auckland.ac.nz]
Sent: Wednesday 12 May 2004 06:29
To: nagios-users at lists.sourceforge.net
Subject: [Nagios-users] Monitoring Windows Event Log from Nagios
Hi -
Does anyone out there have a method to monitor the Windows Event log using
Nagios?
Currently, we use the pNSClient agent to collect Perfmon data, which works
fine. On UNIX systems, we have the syslogd daemon which will feed important
events via a filter through NSCA and into a Passive Service on Nagios --
again, no problem. However, we need a way to send Windows event log events
and generate an alert.
An ideal setup would be a configurable daemon that will send an NSCA alert
(of a configurable level) for log entries matching a certain regular
expression. However, at the moment I'll take anything! It needs to be
something that, like pNSClient, can run as a service on the server in
question.
Do any of you out there have or know of such an agent? It would be of great
help out here,
Thanks in advance,
Steve
---
Steve Shipway: ITSS, University of Auckland
Email: s.shipway at auckland.ac.nz Web: http://www.steveshipway.org/
** We can only discover new oceans when we have the **
** courage to lose sight of the shore. **
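The pipeline Ludo describes (Snare agent forwarding to syslog on the Nagios server, a script filtering the syslog file on Snare HOST_NAME, criticality and event type, passive results per "<Log> WinEventlog" service, a catch-all WARNING on the Nagios server for unknown senders, and a per-host timestamp of the last result), written out as an added example. It is neither Ludo's script nor code from the Snare or Nagios projects. Assumptions: the order of Snare's tab-separated fields after the MSWinEventLog tag, the syslog line layout, the host names, the sample records and the command-file path are all constructed for the example; the PROCESS_SERVICE_CHECK_RESULT line is the real Nagios external-command syntax. The inittab respawn and the tail-following of the messages file are left out; `run()` takes the lines as a list.

```python
#!/usr/bin/env python3
"""Filter Snare-for-Windows records out of a syslog stream and turn them into
Nagios passive service check results (added example, not the poster's script)."""
import re
import time
from typing import Dict, List, Optional, Tuple

# Hosts with passive "<Log> WinEventlog" services configured in Nagios.
# Assumption: each name equals both the Nagios host_name and the Snare
# HOST_NAME the agent sends. All names here are constructed.
KNOWN_HOSTS = {"winsrv01", "winsrv02"}
NAGIOS_SERVER = "nagios"      # catch-all host for records from unknown senders
LOGS = ("Security", "Application", "System")
COMMAND_FILE = "/usr/local/nagios/var/rw/nagios.cmd"   # assumed default path

OK, WARNING, CRITICAL = 0, 1, 2
# Snare event type -> Nagios state; Information / Success Audit are not alerted on.
STATE_FOR_TYPE = {"Failure Audit": CRITICAL, "Error": CRITICAL, "Warning": WARNING}

# Syslog line as the collector writes it: "<Mon dd hh:mm:ss> <snare host> MSWinEventLog<TAB>...".
SYSLOG_RE = re.compile(
    r"^(?P<stamp>\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) MSWinEventLog\t(?P<body>.*)$")
# Assumed order of the tab-separated Snare fields after the MSWinEventLog tag.
FIELDS = ("criticality", "log", "counter", "event_time", "event_id", "source",
          "user", "sid_type", "event_type", "computer", "category", "data")


def parse_snare(line: str) -> Optional[Dict[str, str]]:
    """Return the Snare fields of one syslog line, or None if it is not a Snare record."""
    m = SYSLOG_RE.match(line.rstrip("\r\n"))
    if m is None:
        return None
    parts = m.group("body").split("\t")
    if len(parts) < len(FIELDS):
        return None                              # truncated record: skip rather than guess
    rec = dict(zip(FIELDS, parts))
    rec["data"] = "\t".join(parts[len(FIELDS) - 1:])   # trailing data may itself contain tabs
    rec["snare_host"] = m.group("host")
    return rec


def sanitize(text: str) -> str:
    """Keep plugin output on one line; a '|' would start a performance-data section."""
    return text.replace("\n", " ").replace("\r", " ").replace("|", "/")[:512]


class SnareFilter:
    def __init__(self, known_hosts=KNOWN_HOSTS, catchall=NAGIOS_SERVER):
        self.known_hosts = set(known_hosts)
        self.catchall = catchall
        self.last_seen: Dict[str, float] = {}   # Snare host -> time of last record seen

    def to_passive_result(self, line: str, now: Optional[float] = None) -> Optional[str]:
        """Turn one syslog line into a PROCESS_SERVICE_CHECK_RESULT command, or None."""
        rec = parse_snare(line)
        if rec is None or rec["log"] not in LOGS:
            return None
        now = time.time() if now is None else now
        self.last_seen[rec["snare_host"]] = now
        state = STATE_FOR_TYPE.get(rec["event_type"])
        if state is None:
            return None                          # informational event: nothing to alert on
        service = f"{rec['log']} WinEventlog"
        summary = (f"{rec['event_type']} {rec['event_id']} {rec['source']} "
                   f"user={rec['user']}: {rec['data']}")
        if rec["snare_host"] in self.known_hosts:
            host = rec["snare_host"]
        else:
            # Unknown sender: WARNING on the Nagios server's own service so the event is not lost.
            host, state = self.catchall, WARNING
            summary = f"unconfigured Snare host {rec['snare_host']}: {summary}"
        return f"[{int(now)}] PROCESS_SERVICE_CHECK_RESULT;{host};{service};{state};{sanitize(summary)}"

    def silent_hosts(self, max_age: float, now: Optional[float] = None) -> List[str]:
        """Known hosts whose last record is older than max_age seconds (agent quiet or dead)."""
        now = time.time() if now is None else now
        return sorted(h for h in self.known_hosts if now - self.last_seen.get(h, 0) > max_age)


# Constructed sample syslog lines: a failed logon, an informational service event,
# an error from a host with no Nagios services, and an unrelated sshd line.
SAMPLE_LINES = [
    "May 12 10:14:05 winsrv01 MSWinEventLog\t1\tSecurity\t42\tWed May 12 10:14:03 2004\t529\tSecurity\tjdoe\tUser\tFailure Audit\tWINSRV01\tLogon/Logoff\tLogon Failure: Unknown user name or bad password",
    "May 12 10:14:06 winsrv01 MSWinEventLog\t0\tSystem\t43\tWed May 12 10:14:04 2004\t7036\tService Control Manager\tN/A\tN/A\tInformation\tWINSRV01\tNone\tThe Print Spooler service entered the running state.",
    "May 12 10:14:07 winsrv09 MSWinEventLog\t2\tApplication\t7\tWed May 12 10:14:05 2004\t1000\tMyApp\tN/A\tN/A\tError\tWINSRV09\tNone\tUnhandled exception|details",
    "May 12 10:14:08 nagios sshd[123]: Accepted publickey for ludo from 10.0.0.5",
]


def run(lines: List[str] = SAMPLE_LINES, now: float = 1084349648) -> Tuple[List[str], SnareFilter]:
    """Filter the lines and return the passive-check commands plus the filter state."""
    f = SnareFilter()
    cmds = [c for c in (f.to_passive_result(ln, now) for ln in lines) if c]
    return cmds, f


def submit(commands: List[str], command_file: str = COMMAND_FILE) -> None:
    """Append the commands to the Nagios external command file (a named pipe)."""
    with open(command_file, "a") as fh:
        for cmd in commands:
            fh.write(cmd + "\n")


if __name__ == "__main__":
    for cmd in run()[0]:
        print(cmd)
```

Two practical caveats. Syslog over UDP is unauthenticated, and the script routes on the host name carried in the message, so anyone who can deliver a datagram to the collector can submit results under a configured Snare HOST_NAME; restrict the source addresses the syslog daemon accepts and treat message contents only as plugin output text, never as anything to execute or look up. And a host that sends nothing produces no passive results at all, which is why the last-seen timestamps matter: `silent_hosts()` turns an agent that has died or been stopped into something you can alert on instead of silently reporting OK.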