How to monitor Windows event log for error messages with Nagios

Currently I have installed NSClient++ on my Windows servers and I am monitoring them for standard checks (CPU, memory, HDD, services). I want to start monitoring them for error messages which they generate in the event log. I am not able to find any easy-to-implement plugin.
dedri Asked:
 
arnold Commented:
evntwin is auto-installed when the SNMP Windows add-on is installed.
evntwin and evntcmd are the interfaces to the event log to SNMP mapping.
The commands are unavailable without the installation of the SNMP

Windows Server 2003: the Add/Remove Windows Components, under the Management and Monitoring Tools.
Similar for Windows Server 2008
http://social.technet.microsoft.com/Forums/en-US/winserverManagement/thread/a10ae19b-c4d7-4372-bda0-c771c6d4cca3/
You can add SNMP and SNMP WMI.

Using GPO you can push the SNMP settings to all systems.

NSClient is a Nagios agent.
In a way this is more like an agentless setup. When configured, it will generate SNMP traps based on the configured events.
You can also use SNMP to poll and collect data.

If you have a test lab server, install the SNMP add-ons on it. Then use a Linux system's snmpwalk -v 2c -c 'community_name' ip_of_test_lab_server
community_name should be something other than public, but public is the community name used to send the snmptraps to the snmptrapd daemon.

And you will see a wealth of information stream down.

cacti.net is a tool you can use to graphically represent different aspects of the system, network traffic, cpu usage, memory, disks, etc.
0
 
arnold Commented:
One simple way is to add the SNMP support and then use evntwin to configure the SNMP trap generation for events you are interested in.
Your Nagios instance will need the snmptrapd functionality
http://www.snmplink.org/snmpresource/trap/
http://ideas.nagios.org/a/dtd/Integrated-easy-SNMP-trap-reveiver/2075-3955

You can have a single SNMP mapping configuration that is loaded using evntcmd to load the event log to SNMP mapping.
This can be part of a startup script in a GPO to load a network based configuration file.

0
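The receiving side of the trap setup described in the post above, as an added example that is not part of the thread: a Python handler that snmptrapd could run through a traphandle directive, turning each trap into a passive check result in the Nagios external command file. The service name, sender allow-list, command-file path, the bracketed address form on line 2 and the sample trap (including its enterprise OID) are assumptions constructed for illustration.

```python
import re
import sys
import time

SERVICE = "Windows Event Log"                     # assumed passive service name
CMD_FILE = "/usr/local/nagios/var/rw/nagios.cmd"  # assumed command-file path
KNOWN_HOSTS = {"192.0.2.10": "win-test01"}        # assumed sender IP -> Nagios host
SKIP = ("1.3.6.1.2.1.1.3.0", "1.3.6.1.6.3.1.1.4.1.0")  # sysUpTime.0, snmpTrapOID.0

def parse_trap(text):
    """Parse traphandle stdin: hostname, transport address, then 'OID value' lines."""
    lines = [l.strip() for l in text.splitlines() if l.strip()]
    if len(lines) < 2:
        return None, []
    ip = re.search(r"\[([0-9A-Fa-f.:]+)\]", lines[1])
    varbinds = []
    for line in lines[2:]:
        oid, _, value = line.partition(" ")
        varbinds.append((oid.lstrip("."), value.strip().strip('"')))
    return (ip.group(1) if ip else None), varbinds

def sanitize(value, limit=200):
    """Trap text is untrusted (v2c traps are unauthenticated): remove ';', '|'
    and control characters so it cannot add fields or extra command lines."""
    cleaned = re.sub(r"[;|\x00-\x1f\x7f]", " ", value)
    return " ".join(cleaned.split())[:limit]

def to_passive_result(text, known_hosts, now=None):
    """Build one external-command line; None if the sender is not allow-listed."""
    ip, varbinds = parse_trap(text)
    host = known_hosts.get(ip)
    if host is None:
        return None
    message = " / ".join(sanitize(v) for oid, v in varbinds if oid not in SKIP)
    stamp = int(time.time() if now is None else now)
    # Return code 2 = CRITICAL: every forwarded event raises the service.
    return "[%d] PROCESS_SERVICE_CHECK_RESULT;%s;%s;2;%s" % (stamp, host, SERVICE, message)

# Constructed handler input, not captured from a real server.
SAMPLE = """win-test01
UDP: [192.0.2.10]:1061->[192.0.2.1]:162
.1.3.6.1.2.1.1.3.0 0:1:02:03.00
.1.3.6.1.6.3.1.1.4.1.0 .1.3.6.1.4.1.99999.1
.1.3.6.1.4.1.99999.1.1 "Disk failure; reboot needed"
"""

if __name__ == "__main__":
    line = to_passive_result(sys.stdin.read(), KNOWN_HOSTS)
    if line:
        with open(CMD_FILE, "a") as cmd:
            cmd.write(line + "\n")
```

The matching Nagios service has to accept passive checks, and the allow-list keeps traps from unlisted senders out of the command file.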
 
dedri Author Commented:
arnold, thanks for your reply. I am new to Nagios.
Could you explain in more detail what I have to do:
1. Install snmptrapd on the Linux machine where Nagios is installed
2. Install evntwin on all my Windows servers ???? Currently I have installed NSClient++.

Could you send me an article on how to do this?
0
 
dedri Author Commented:
Hi arnold,
could you help me again? I found the SNMPTT software but I am not able to find where I can download snmptrapd. I already monitor some devices with snmp get. How do I check if I have snmptrapd installed, and if I don't have it, where can I download it? My Linux distributions are CentOS and Ubuntu.
I tried on my Ubuntu test machine:
root@ee:~# apt-get install snmptrapd
Reading package lists... Done
Building dependency tree
Reading state information... Done
E: Unable to locate package snmptrapd
0
 
JRoyse Commented:
Have you watched any of these presentations?
http://www.nagios.com/events/nagiosworldconference/northamerica/2011/presentations

I would use Nagios as a tool to look for a count of a particular event # or text within. Like if you knew what you were looking for and just wanted a robot like Nagios to see if it occurs, when, and how many times.

For this you could use the Sysinternals Suite, like "psloglist.exe", and dump the Windows Event logs to a text file, then use something like a batch file / Perl script / Windows Grep to count the instances of that text, or multiple texts, or some wildcard match. Then you could output that to the Nagios check... So you basically just need a wrapper for a text search to issue a count of errors, then Nagios sees the error threshold and alerts you. You could also remotely pull all the event logs to a central Windows box and sort through them there also.

Another thought on Event logs, if you don't know exactly what you are pattern matching against, is to look at Splunk.com - their product pulls event logs and can search through them, and even alert you on them.
PsLoglist v2.71 - local and remote event log viewer
Copyright (C) 2000-2009 Mark Russinovich
Sysinternals - www.sysinternals.com

PsLogList dumps event logs on a local or remote NT system.

Usage: psloglist [\\computer[,computer2[,...] | @file] [-u username [-p password
]]] [-s [-t delimiter]] [-m #|-n #|-d #|-h #|-w][-c][-x][-r][-a mm/dd/yy][-b mm/
dd/yy] [-f filter] [-i ID,[ID,...]] | -e ID,[ID,...]] [-o event source[,event so
urce[,...]]] [-q event source[,event source[,...]]] [[-g|-l] event log file] <ev
ent log>

0
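The counting wrapper described in the post above, as an added example that is not part of the thread: a Python check that counts wildcard matches in an event-log text dump and maps the total to a Nagios state with performance data. The script name, thresholds and sample dump lines are constructed for illustration; the field order in the sample is not taken from psloglist's real output.

```python
import fnmatch
import re
import sys

STATES = {0: "OK", 1: "WARNING", 2: "CRITICAL"}

def count_matches(lines, wildcards):
    """Count, per wildcard, the dump lines containing it (case-insensitive)."""
    compiled = {w: re.compile(fnmatch.translate("*" + w + "*"), re.IGNORECASE)
                for w in wildcards}
    counts = dict.fromkeys(wildcards, 0)
    for line in lines:
        for wildcard, rx in compiled.items():
            if rx.match(line.strip()):
                counts[wildcard] += 1
    return counts

def evaluate(counts, warn, crit):
    """Map the total to a Nagios state; return (exit code, plugin output line)."""
    total = sum(counts.values())   # a line hitting two wildcards counts twice
    state = 2 if total >= crit else 1 if total >= warn else 0
    perf = " ".join("'%s'=%d" % (w, n) for w, n in sorted(counts.items()))
    text = "EVENTLOG %s - %d matching lines | total=%d;%d;%d %s" % (
        STATES[state], total, total, warn, crit, perf)
    return state, text

# Constructed dump lines; the field order is illustrative only.
SAMPLE_DUMP = [
    "7,System,Disk,ERROR,WIN-TEST01,01/02/2012 10:15:00,The device has a bad block.",
    "7036,System,Service Control Manager,INFORMATION,WIN-TEST01,01/02/2012 10:16:00,"
    "The Print Spooler service entered the running state.",
    "1000,Application,Application Error,ERROR,WIN-TEST01,01/02/2012 10:20:00,"
    "Faulting application app.exe",
    "7,System,Disk,ERROR,WIN-TEST01,01/02/2012 10:45:00,The device has a bad block.",
]

if __name__ == "__main__":
    # Usage (hypothetical script name): check_evt_dump.py dump.txt warn crit text...
    with open(sys.argv[1], errors="replace") as dump:
        found = count_matches(dump, sys.argv[4:])
    code, output = evaluate(found, int(sys.argv[2]), int(sys.argv[3]))
    print(output)
    sys.exit(code)
```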
 
arnold Commented:
net-snmp-version provides /usr/sbin/snmptrapd
you might not have it configured to start
/etc/init.d/snmptrapd
chkconfig --list | grep -i snmp

snmpget initiates connections to hosts.
snmptrapd is an application that is listening for traps/events to be sent to it.

You are running under a Debian/Ubuntu Linux version?

apt-get install snmpd
or
http://manpages.ubuntu.com/manpages/hardy/man8/snmptrapd.8.html
0