<html xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=us-ascii">
<meta name=Generator content="Microsoft Word 11 (filtered medium)">
<style>
<!--
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman";}
a:link, span.MsoHyperlink
{color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{color:purple;
text-decoration:underline;}
span.E-mailStijl17
{mso-style-type:personal-compose;
font-family:Arial;
color:windowtext;}
@page Section1
{size:595.3pt 841.9pt;
margin:70.85pt 70.85pt 70.85pt 70.85pt;}
div.Section1
{page:Section1;}
/* List Definitions */
@list l0
{mso-list-id:758723055;
mso-list-type:hybrid;
mso-list-template-ids:-2121658120 68354069 68354073 68354075 68354063 68354073 68354075 68354063 68354073 68354075;}
@list l0:level1
{mso-level-number-format:alpha-upper;
mso-level-tab-stop:36.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;}
@list l0:level2
{mso-level-tab-stop:72.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;}
@list l0:level3
{mso-level-tab-stop:108.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;}
@list l0:level4
{mso-level-tab-stop:144.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;}
@list l0:level5
{mso-level-tab-stop:180.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;}
@list l0:level6
{mso-level-tab-stop:216.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;}
@list l0:level7
{mso-level-tab-stop:252.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;}
@list l0:level8
{mso-level-tab-stop:288.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;}
@list l0:level9
{mso-level-tab-stop:324.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;}
ol
{margin-bottom:0cm;}
ul
{margin-bottom:0cm;}
-->
</style>
</head>
<body lang=NL link=blue vlink=purple>
<div class=Section1>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>Hello everyone. Started testing Nagios since last
February, and am very much please with the functionality. <o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>I currently have a pilot Nagios implementation,
monitoring about 100 Windows 2003 servers. I have one WinXP client, installed
with a NSClient++ agent. All checks are executed remotely from the WinXP
workstation, which acts as a proxy. My servers are agentless. <o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>Now I have created a vbs script to collect entries
from the Windows eventlog, alerting on filtered errors, warning, eventsource,
eventide, etc. For each defined filter I create one Service in Nagios (eg. I
have one service checking for Antivirus events, another service checking for
Printserver events, one service checking for DNS events, etc.)<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>Each run of the script could report on multiple
events. At the moment the script creates one single alert, showing multiple
events. <o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>However, I would like to <o:p></o:p></span></font></p>
<ol style='margin-top:0cm' start=1 type=A>
<li class=MsoNormal style='mso-list:l0 level1 lfo1'><font size=2 face=Arial><span
lang=EN-GB style='font-size:10.0pt;font-family:Arial'>have one alert
generated for each unique event (in order to use the notification
mechanism). If possible I would like to implement an event-database, where
I would be able to handle each unique alert. Something similar to MOM,
where a count of each unique event is displayed, and as long as the event
is not yet closed no new notifications are being sent out. <o:p></o:p></span></font></li>
<li class=MsoNormal style='mso-list:l0 level1 lfo1'><font size=2 face=Arial><span
lang=EN-GB style='font-size:10.0pt;font-family:Arial'>In the end, I would
like to implement some module, that will create a ticket in our Ultimo
helpdesk system, for each new alert generated.</span></font><span
lang=EN-GB> </span><font size=2 face=Arial><span lang=EN-GB
style='font-size:10.0pt;font-family:Arial'><o:p></o:p></span></font></li>
</ol>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>Is this feasible with a combination of NSCA and
Nagios Eventdb ? I have not yet been able to get the Eventdb running
properly yet, so at the moment I am unable to assess the value of this tool.
Also with NSCA I have just started playing. However, after some time I started
getting NTVDM errors, which would only resolve with a reboot from my proxy.Th
built-in NSCA functionality in the NSClient++ will only allow me (or so it
seems) to run one instance of every defined script at a regular interval.<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>Has anyone implemented something similar yet, and how
did you get everything up and running ? <o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>Thanks in advance for feedback,<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>Mike<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>
</div>
</body>
</html>