<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> <HTML><HEAD> <META http-equiv=Content-Type content="text/html; charset=us-ascii"> <META content="MSHTML 6.00.2800.1400" name=GENERATOR></HEAD> <BODY> <DIV>Hi Rudy, Assuming that the events you want to monitor are logged in the Event Log(for your Windows boxes), you could centralise yor Windows event logs using Eventlog to Syslog Utility from <A href="https://engineering.purdue.edu/ECN/Resources/Documents/UNIX/evtsys/">https://engineering.purdue.edu/ECN/Resources/Documents/UNIX/evtsys/</A> and the logsurfer plugin from http://naplax.sourceforge.net/check_logsurfer.html in conjunction with logsurfer from http://www.cert.dfn.de/eng/logsurf/ These 3 utils are easy to setup and make the task of monitoring Windows Event Logs much simpler. The check_logsurfer plugin allows you to specify regular expressions to check for, so you can tune the plugin to respond to a particlar event log message. Pushing your logs out to a central Linux box is a better solution - you can analyse the logs more easily using perl or whatever. Peter Edmonds</DIV> <DIV> </DIV> <DIV> </DIV> <DIV> </DIV> <DIV> </DIV> <BLOCKQUOTE dir=ltr style="PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #0000ff 2px solid; MARGIN-RIGHT: 0px"> <DIV class=OutlookMessageHeader dir=ltr align=left>-----Original Message----- From: nagios-users-admin@lists.sourceforge.net [mailto:nagios-users-admin@lists.sourceforge.net]On Behalf Of Darren Harrison Sent: Wednesday, March 03, 2004 7:48 AM To: Rudy Montemayor Cc: nagios-users@lists.sourceforge.net Subject: [Nagios-users] Re: Window event viewer </DIV> Hi Rudy, The agent seems to keep track of when it last reported the error, so it should only respond to errors that are new since the agent was last called. Unfortunately this gets reset when the computer is restarted. The one thing you are probably looking for is that the service needs to be set to be volatile. Then the error gets reset on the next call. I'm sorry I can't help you with your last issue, I haven't had this happen a lot. Darren. <TT>"Rudy Montemayor" <RMontemayor@huntoil.com> wrote on 03/03/2004 09:04:39 a.m.: > Darren,</TT> <TT>> </TT> <TT>> Thanks for the information. I was able to install the agent on 2 Win > systems; however I have some questions and welcome anybody that can > help me out.</TT> <TT>> </TT> <TT>> </TT> <TT>> 1) What do this agent do exactly? From what I can tell of the > operation, it seems that It looks at the whole log and lets you know > how many errors there are and when the last one occurred. Then it > may be "EventLog OK" and then back to reporting the errors again. It > doesn't keep track of what errors it already reported on; it's > basically all or nothing.</TT> <TT>> </TT> <TT>> 2) I asked the Windows folks here about the logs and they mentioned > that they just let the log roll-over. So that means that once there > is an error the agent will continue to flag that error until that > particular entry is rolled-over or one manually clears the log; > which is the behavior that I'm seeing now.</TT> <TT>> </TT> <TT>> 3) There also appears to be some problem with "(Service Check Timed > Out)" and I do not know why this is happening.</TT> <TT>> </TT> <TT>> Any help with be appreciated.</TT> <TT>> </TT> <TT>> Rudy</TT> <HR> This e-mail is confidential and may contain information subject to legal privilege. If you are not the intended recipient please advise us of our error by return e-mail then delete this e-mail and any attached files. You may not copy, disclose or use the contents in any way. The views expressed in this e-mail may not be those of Gallagher Group Ltd or subsidiary companies thereof. <HR> </BLOCKQUOTE></BODY></HTML>