<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=us-ascii"><meta name=Generator content="Microsoft Word 14 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
pre
{mso-style-priority:99;
mso-style-link:"HTML Preformatted Char";
margin:0in;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Courier New";}
p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
{mso-style-priority:99;
mso-style-link:"Balloon Text Char";
margin:0in;
margin-bottom:.0001pt;
font-size:8.0pt;
font-family:"Tahoma","sans-serif";}
span.EmailStyle17
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.HTMLPreformattedChar
{mso-style-name:"HTML Preformatted Char";
mso-style-priority:99;
mso-style-link:"HTML Preformatted";
font-family:Consolas;}
span.EmailStyle20
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.BalloonTextChar
{mso-style-name:"Balloon Text Char";
mso-style-priority:99;
mso-style-link:"Balloon Text";
font-family:"Tahoma","sans-serif";}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=EN-US link=blue vlink=purple><div class=WordSection1><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>I wrote my own event log management plugin because I didn’t find one that I liked. You can download it as part of the Sourceforge tntnagiosplugins project. It should work with NSClient++ (although admittedly I am not testing against that).<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>It reports critical and warning events on the specified host (it will exclude a number of events that are known to be harmless, for instance DCOM 10009 and about a dozen or so other ones).<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>The “top ten events” seems like interesting functionality, but doesn’t really fit very well into the Nagios philosophy. Nagios can ultimately only distinguish between OK, WARNING, CRITICAL. There are better tools for statistical analysis.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>The collection of plugins also contains a separate plugin that reports on login errors.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><div><div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in'><p class=MsoNormal style='margin-left:.5in'><b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>From:</span></b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'> Ron Wilson [mailto:ron@tvnz.co.nz] <br><b>Sent:</b> Wednesday, July 21, 2010 3:52 PM<br><b>To:</b> Nagios Users List<br><b>Subject:</b> Re: [Nagios-users] effective use of NSClient++ Eventlog management<o:p></o:p></span></p></div></div><p class=MsoNormal style='margin-left:.5in'><o:p> </o:p></p><p class=MsoNormal style='margin-left:.5in'><span lang=EN-NZ style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>I have tried several times over the past year but never managed to get the check_eventlog working. If you have any success do tell us about it<o:p></o:p></span></p><p class=MsoNormal style='margin-left:.5in'><span lang=EN-NZ style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><div style='border:none;border-left:solid blue 1.5pt;padding:0in 0in 0in 4.0pt'><div><div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in'><p class=MsoNormal style='margin-left:.5in'><b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>From:</span></b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'> keshav murthy [mailto:nkeshav12@gmail.com] <br><b>Sent:</b> Wednesday, 21 July 2010 10:07 p.m.<br><b>To:</b> nagios-users@lists.sourceforge.net<br><b>Subject:</b> [Nagios-users] effective use of NSClient++ Eventlog management<o:p></o:p></span></p></div></div><p class=MsoNormal style='margin-left:.5in'><span lang=EN-NZ><o:p> </o:p></span></p><div><p class=MsoNormal style='margin-left:.5in'><span lang=EN-NZ>Dear all,<o:p></o:p></span></p></div><div><p class=MsoNormal style='margin-left:.5in'><span lang=EN-NZ> <o:p></o:p></span></p></div><div><p class=MsoNormal style='margin-left:.5in'><span lang=EN-NZ>We are moving from pnsclient to NSclient++ for all our windows client. We would like to use the Event log management available with NSClient++.<o:p></o:p></span></p></div><div><p class=MsoNormal style='margin-left:.5in'><span lang=EN-NZ> <o:p></o:p></span></p></div><div><p class=MsoNormal style='margin-left:.5in'><span lang=EN-NZ>We would like to do the following (if it is feasible)<o:p></o:p></span></p></div><div><p class=MsoNormal style='margin-left:.5in'><span lang=EN-NZ> <o:p></o:p></span></p></div><div><p class=MsoNormal style='margin-left:.5in'><span lang=EN-NZ>Top Ten events in all the clients overall. <o:p></o:p></span></p></div><div><p class=MsoNormal style='margin-left:.5in'><span lang=EN-NZ>Critical Event IDs on any server: We are looking for only the critical event ID's (like a AD account lockout event ID etc) to be captured and reported to the nagios server.<o:p></o:p></span></p></div><div><p class=MsoNormal style='margin-left:.5in'><span lang=EN-NZ> <o:p></o:p></span></p></div><div><p class=MsoNormal style='margin-left:.5in'><span lang=EN-NZ>Have anybody started using this eventlog management effectively and what are your way of putting it in place.<o:p></o:p></span></p></div><div><p class=MsoNormal style='margin-left:.5in'><span lang=EN-NZ> <o:p></o:p></span></p></div><div><p class=MsoNormal style='margin-left:.5in'><span lang=EN-NZ>Cheers<o:p></o:p></span></p></div><div><p class=MsoNormal style='margin-left:.5in'><span lang=EN-NZ>Keshav<o:p></o:p></span></p></div></div><pre style='margin-left:.5in'><span lang=EN-NZ>==========================================================<o:p></o:p></span></pre><pre style='margin-left:.5in'><span lang=EN-NZ>For more information on the Television New Zealand Group, visit us<o:p></o:p></span></pre><pre style='margin-left:.5in'><span lang=EN-NZ>online at tvnz.co.nz <o:p></o:p></span></pre><pre style='margin-left:.5in'><span lang=EN-NZ>==========================================================<o:p></o:p></span></pre><pre style='margin-left:.5in'><span lang=EN-NZ>CAUTION: This e-mail and any attachment(s) contain information that<o:p></o:p></span></pre><pre style='margin-left:.5in'><span lang=EN-NZ>is intended to be read only by the named recipient(s). This information<o:p></o:p></span></pre><pre style='margin-left:.5in'><span lang=EN-NZ>is not to be used or stored by any other person and/or organisation.<o:p></o:p></span></pre></div></body></html>