Does anyone have event log monitors that *work*?

Kasper Nordal Lund kasper at nordal-lund.dk
Sun Mar 21 06:58:05 CET 2010 

C. Bensend wrote:
> How do you guys monitor your event logs?  Anyone using NSClient++?
> I can't use NC_Net, I cannot install .NET on these hundreds of
> Windows machines.  I just cannot understand why this is so damned
> hard/frustrating/whatever.  Maybe I'm just an idiot, but I'm at
> the end of my rope here...
>
> THANK YOU for any help you can provide (including cluebats to the
> head)!
>
> Benny
>
>   
Hi Benny

I have also been strugling a lot to get this to work, the filter options 
can be quite hard to understand. I suggest that you start with a more 
simple check command, the one you are using now do have a lot of 
options, personally I would start with a simple check that just filters 
out the event ID and then add the other options later.

Here I have an example from my own setup looking for messages in the 
application log from the ServerRAID manager that are any other type than 
"info" and are less than 510m old.

check_nrpe -H $HOSTADDRESS$ -p 5666 -t 30 -c CheckEventLog -a filter=new 
file=application MaxWarn=1 MaxCrit=1 filter+generated=\<510m 
"filter+eventSource==ServeRAID Manager Agent" filter-eventType==info

The above is working as expected.

In nagios i then have a command defined like this:

check_nrpe -H $HOSTADDRESS$ -p 5666 -t 30 -c CheckEventLog -a filter=new 
file=$ARG1$ MaxWarn=1 MaxCrit=1 filter+generated=\$ARG2$ 
"filter+$ARG3$==$ARG4$" filter-eventType==info

And then i have a service defined like this:

define service {
        host_name                       dkaalbor019p-file
        service_description             ServeRAID_Manager_Agent
        check_command                   
NRPE_Check_EventLog!application!<510m!eventSource!ServeRAID Manager Agent
        is_volatile                     0
        max_check_attempts              3
        check_interval                  5
        retry_interval                  3
        passive_checks_enabled          1
        check_period                    24x7
        check_freshness                 1
        freshness_threshold             0
        low_flap_threshold              0
        high_flap_threshold             0
        process_perf_data               1
        notification_interval           0
        notification_period             24x7
        notification_options            w,u,r,c,f
        notifications_enabled           1
        contact_groups                  windows-admins

I hope you can use this.

Best Regards.

Kasper

------------------------------------------------------------------------------
Download Intel® Parallel Studio Eval
Try the new software tools for yourself. Speed compiling, find bugs
proactively, and fine-tune applications for parallel performance.
See why Intel Parallel Studio got high marks during beta.
http://p.sf.net/sfu/intel-sw-dev
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
::: Messages without supporting info will risk being sent to /dev/null

More information about the Users mailing list