How to monitor Windows event log for error messages with Nagios

Currently I have installed NSClient++ on my Windows servers and I am monitoring them for standard checks (CPU, memory, HDD, services). I want to start monitoring them for error messages which they generate in the event log. I am not able to find any easy-to-implement plugin.

One simple way is to add SNMP support and then use evntwin to configure SNMP trap generation for the events you are interested in.
Your Nagios instance will need the snmptrapd functionality.

You can have a single SNMP mapping configuration that is loaded using evntcmd to load the eventlog-to-SNMP mapping.
This can be part of a startup script in a GPO to load a network-based configuration file.

dedri (Author) commented:
arnold, thanks for your reply. I am new to Nagios.
Could you explain in more detail what I have to do:
1. Install snmptrapd on the Linux machine where Nagios is installed.
2. Install evntwin on all my Windows servers? Currently I have installed NSClient++.

Could you send me an article on how to do this?

evntwin is installed automatically when the SNMP Windows addon is installed.
evntwin and evntcmd are the interfaces to the eventlog-to-SNMP mapping.
The commands are unavailable without the installation of SNMP.

On Windows Server 2003, it is in Add/Remove Windows Components under Management and Monitoring Tools.
It is similar for Windows Server 2008.
You can add SNMP and SNMP WMI.

Using GPO you can push the SNMP settings to all systems.

NSClient is a Nagios agent.
In a way this is more like an agentless setup. When configured, it will generate SNMP traps based on the configured events.
You can also use SNMP to poll and collect data.

If you have a test lab server, install the SNMP addons on it. Then use a Linux system's snmpwalk -v 2c -c 'community_name' ip_of_test_lab_server
community_name should be something other than public, but public is the community name used to send the SNMP traps to the snmptrapd daemon.

And you will see a wealth of information stream down. is a tool you can use to graphically represent different aspects of the system, network traffic, cpu usage, memory, disks, etc.

dedri (Author) commented:
Hi arnold,
could you help me again? I found the SNMPTT software but I am not able to find where I can download snmptrapd. I already monitor some devices with SNMP get. How can I check if I have snmptrapd installed, and if I don't have it, where can I download it? My Linux distributions are CentOS and Ubuntu.
I tried on my Ubuntu test machine:
root@ee:~# apt-get install snmptrapd
Reading package lists... Done
Building dependency tree
Reading state information... Done
E: Unable to locate package snmptrapd
Have you watched any of these presentations? :

I would use Nagios as a tool to look for a count of a particular event # or text within.  Like if you knew what you were looking for and just wanted a robot like Nagios to see if it occurs, when, and how many times.

For this you could use the Sysinternals Suite, like "psloglist.exe", and dump the Windows Event logs to a text file, then use something like a batch file/Perl script/Windows Grep to count the instances of that text, or multiple texts, or some wildcard match.  Then you could output that to the Nagios Check...  So you basically just need a wrapper for a text search to issue a count of errors, then Nagios sees the error threshold and alerts you.  You could also remotely pull all the event logs to a central Windows box and sort through them there also.

Other thoughts on Event logs.. if you don't know exactly what you are pattern matching against is to look at - their product pulls event logs and can search through them, and even alert you on them.
PsLoglist v2.71 - local and remote event log viewer
Copyright (C) 2000-2009 Mark Russinovich
Sysinternals -

PsLogList dumps event logs on a local or remote NT system.

Usage: psloglist [\\computer[,computer2[,...] | @file] [-u username [-p password
]]] [-s [-t delimiter]] [-m #|-n #|-d #|-h #|-w][-c][-x][-r][-a mm/dd/yy][-b mm/
dd/yy] [-f filter] [-i ID,[ID,...]] | -e ID,[ID,...]] [-o event source[,event so
urce[,...]]] [-q event source[,event source[,...]]] [[-g|-l] event log file] <ev
ent log>
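
The wrapper described in the post above, sketched as a Nagios plugin in Python (an added example, not part of the original post): it counts the lines of a text dump of the event log that match a pattern and maps the count to the Nagios exit codes. It assumes the dump holds one event per line, as a delimited psloglist -s export would; the script name, function names and sample lines are constructed for illustration.

```python
import re
import sys

OK, WARNING, CRITICAL, UNKNOWN = 0, 1, 2, 3
LABELS = {OK: "OK", WARNING: "WARNING", CRITICAL: "CRITICAL", UNKNOWN: "UNKNOWN"}

def count_matches(lines, pattern):
    """Count dumped event lines matching a case-insensitive regex."""
    rx = re.compile(pattern, re.IGNORECASE)
    return sum(1 for line in lines if rx.search(line))

def evaluate(lines, pattern, warn, crit):
    """Return (exit_code, status_line) following the Nagios plugin conventions."""
    lines = [l for l in lines if l.strip()]
    if not lines:
        # An empty dump usually means the export failed; do not report OK.
        return UNKNOWN, "EVENTLOG UNKNOWN - dump is empty, export may have failed"
    try:
        hits = count_matches(lines, pattern)
    except re.error as exc:
        return UNKNOWN, "EVENTLOG UNKNOWN - bad pattern: %s" % exc
    code = CRITICAL if hits >= crit else WARNING if hits >= warn else OK
    # '|' separates text from performance data, so keep it out of the text part.
    shown = pattern.replace("|", "/")
    text = "EVENTLOG %s - %d of %d events match '%s'" % (LABELS[code], hits, len(lines), shown)
    return code, "%s|matches=%d;%d;%d;0" % (text, hits, warn, crit)

def check_file(path, pattern, warn, crit):
    """Read a text dump (one event per line) and evaluate it."""
    try:
        with open(path, encoding="utf-8", errors="replace") as fh:
            return evaluate(fh.readlines(), pattern, warn, crit)
    except OSError as exc:
        return UNKNOWN, "EVENTLOG UNKNOWN - cannot read dump: %s" % exc.strerror

# Constructed sample lines; the column order is illustrative only.
SAMPLE = [
    "101,System,Service Control Manager,ERROR,SRV01,7000,The Foo service failed to start",
    "102,System,Service Control Manager,INFORMATION,SRV01,7036,The Foo service entered the running state",
    "103,System,Disk,ERROR,SRV01,7,The device has a bad block",
]

if __name__ == "__main__":
    if len(sys.argv) != 5:
        print("usage: check_evtdump.py <dump.txt> <regex> <warn> <crit>")
        sys.exit(UNKNOWN)
    code, message = check_file(sys.argv[1], sys.argv[2], int(sys.argv[3]), int(sys.argv[4]))
    print(message)
    sys.exit(code)
```

An empty or unreadable dump returns UNKNOWN rather than OK, so a broken export job does not look like a quiet server.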

net-snmp-version provides /usr/sbin/snmptrapd
You might not have it configured to start:
chkconfig --list | grep -i snmp

snmpget initiates connections to hosts.
snmptrapd is an application that is listening for traps/events to be sent to it.

Are you running a Debian/Ubuntu Linux version?

apt-get install snmpd