dedri
How to monitor Windows event log for error messages with Nagios
Currently I have installed NSClient++ on my Windows servers and I am monitoring them for standard checks (CPU, memory, HDD, services). I want to start monitoring them for error messages which they generate in the event log. I am not able to find any easy-to-implement plugin.
ASKER
arnold, thanks for your reply. I am new to Nagios.
Could you explain in more detail what I have to do:
1. Install snmptrapd on the Linux machine where Nagios is installed.
2. Install eventwin on all my Windows servers? Currently I have installed NSClient++.
Could you send me some article on how to do this?
ASKER
Hi arnold,
Could you help me again? I found the SNMPTT software but I am not able to find where I can download snmptrapd. I already monitor some devices with SNMP get. How do I check if I have snmptrapd installed, and if I don't have it, where can I download it? My Linux distributions are CentOS and Ubuntu.
I tried on my Ubuntu test machine:
root@ee:~# apt-get install snmptrapd
Reading package lists... Done
Building dependency tree
Reading state information... Done
E: Unable to locate package snmptrapd
Have you watched any of these presentations?
http://www.nagios.com/events/nagiosworldconference/northamerica/2011/presentations
I would use Nagios as a tool to look for a count of a particular event # or text within. Like if you knew what you were looking for and just wanted a robot like Nagios to see if it occurs, when, and how many times.
For this you could use the Sysinternals Suite, like "psloglist.exe", and dump the Windows event logs to a text file, then use something like a batch file/Perl script/Windows Grep to count the instances of that text, or multiple texts, or some wildcard match. Then you could output that to the Nagios check... So you basically just need a wrapper for a text search to issue a count of errors, then Nagios sees the error threshold and alerts you. You could also remotely pull all the event logs to a central Windows box and sort through them there.
Another thought on event logs: if you don't know exactly what you are pattern matching against, look at Splunk.com - their product pulls event logs and can search through them, and even alert you on them.
PsLoglist v2.71 - local and remote event log viewer
Copyright (C) 2000-2009 Mark Russinovich
Sysinternals - www.sysinternals.com
PsLogList dumps event logs on a local or remote NT system.
Usage: psloglist [\\computer[,computer2[,...] | @file] [-u username [-p password
]]] [-s [-t delimiter]] [-m #|-n #|-d #|-h #|-w][-c][-x][-r][-a mm/dd/yy][-b mm/
dd/yy] [-f filter] [-i ID,[ID,...]] | -e ID,[ID,...]] [-o event source[,event so
urce[,...]]] [-q event source[,event source[,...]]] [[-g|-l] event log file] <ev
ent log>
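The wrapper described in the post above, as an added example that is not part of the original thread: a Nagios plugin that counts matching records in a text dump and maps the count to warning and critical thresholds. It assumes the dump was written with psloglist's `-s` option (delimited output) so that each record is one line; the function names and the sample lines, including their column layout, are constructed for illustration, and the code does not depend on the column order.

```python
import re
import sys
# Standard Nagios plugin exit codes
OK, WARNING, CRITICAL, UNKNOWN = 0, 1, 2, 3
LABELS = {OK: "OK", WARNING: "WARNING", CRITICAL: "CRITICAL"}

# Constructed sample records (assumed layout, one record per line)
SAMPLE_DUMP = [
    "101,System,Service Control Manager,ERROR,SRV01,01/10/2011 10:00:00,7000,None,The Example service failed to start",
    "102,System,Disk,WARNING,SRV01,01/10/2011 10:01:00,51,None,An error was detected on device during a paging operation",
    "103,System,Service Control Manager,INFORMATION,SRV01,01/10/2011 10:02:00,7036,None,The Example service entered the running state",
    "104,Application,Application Error,ERROR,SRV01,01/10/2011 10:03:00,1000,None,Faulting application example.exe",
]

def count_matches(lines, patterns):
    """Return (records matching any pattern, per-pattern hit counts)."""
    regexes = [re.compile(p, re.IGNORECASE) for p in patterns]
    hits = {p: 0 for p in patterns}
    total = 0
    for line in lines:
        matched = False
        for p, rx in zip(patterns, regexes):
            if rx.search(line):
                hits[p] += 1
                matched = True
        total += matched  # a record counts once even if several patterns hit
    return total, hits

def evaluate(lines, patterns, warn, crit):
    """Map the match count to a Nagios state and a status line with perfdata."""
    total, _ = count_matches(lines, patterns)
    state = CRITICAL if total >= crit else WARNING if total >= warn else OK
    message = (f"EVENTLOG {LABELS[state]} - {total} matching records"
               f" | matches={total};{warn};{crit}")
    return state, message

def check_file(path, patterns, warn, crit):
    """Evaluate a dump file; an unreadable dump is UNKNOWN, never OK."""
    try:
        with open(path, encoding="utf-8", errors="replace") as fh:
            return evaluate(fh, patterns, warn, crit)
    except OSError as exc:
        return UNKNOWN, f"EVENTLOG UNKNOWN - cannot read dump: {exc}"

if __name__ == "__main__":
    if len(sys.argv) < 5:
        print("EVENTLOG UNKNOWN - usage: DUMP WARN CRIT PATTERN [PATTERN...]")
        sys.exit(UNKNOWN)
    state, message = check_file(sys.argv[1], sys.argv[4:], int(sys.argv[2]), int(sys.argv[3]))
    print(message)
    sys.exit(state)
```

Returning UNKNOWN when the dump cannot be read keeps a failed export from looking like a clean log.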
net-snmp-version provides /usr/sbin/snmptrapd
You might not have it configured to start:
/etc/init.d/snmptrapd
chkconfig --list | grep -i snmp
snmpget initiates connections to hosts.
snmptrapd is an application that listens for traps/events to be sent to it.
Are you running a Debian/Ubuntu Linux version?
apt-get install snmpd
or
http://manpages.ubuntu.com/manpages/hardy/man8/snmptrapd.8.html
Your Nagios instance will need the snmptrapd functionality.
http://www.snmplink.org/snmpresource/trap/
http://ideas.nagios.org/a/dtd/Integrated-easy-SNMP-trap-reveiver/2075-3955
You can have a single SNMP mapping configuration that is loaded using evntcmd to load the event log to SNMP mapping.
This can be part of a startup script in a GPO to load a network-based configuration file.