[prev in list] [next in list] [prev in thread] [next in thread]
List: nagios-users
Subject: Re: [Nagios-users] effective use of NSClient++ Eventlog management
From: keshav murthy <nkeshav12 () gmail ! com>
Date: 2010-07-27 5:31:32
Message-ID: AANLkTikBO59B=ERYFMq7BB_JniDRjHcA9J7nTfhO-5Gf () mail ! gmail ! com
[Download RAW message or body]
[Attachment #2 (multipart/alternative)]
Thanks Kevin/Mat/Jel and Ron.
I will try them and take which one suits best.
On Tue, Jul 27, 2010 at 1:49 AM, Mathew Walker <lmw94002@hotmail.com> wrote:
> I use:
> http://www.monitoringexchange.org/inventory/Check-Plugins/Operating-Systems/Windows/NagEventLog
>
> It works pretty good, and you can set it up to alert for specific errors or
> look for all and filter out fluff ones. I even went to far as to figure out
> the registry settings and push updates for the eventIDs to filter via GPO.
> Maybe not as glamourous, but it worked pretty good in our environment.
>
> --
> Mat W. - http://www.techadre.com
>
>
>
> ------------------------------
> From: subscription@kkeane.com
>
> To: nagios-users@lists.sourceforge.net
> Date: Sat, 24 Jul 2010 12:29:54 -0700
>
> Subject: Re: [Nagios-users] effective use of NSClient++ Eventlog management
>
> I wrote my own event log management plugin because I didn’t find one that
> I liked. You can download it as part of the Sourceforge tntnagiosplugins
> project. It should work with NSClient++ (although admittedly I am not
> testing against that).
>
>
>
> It reports critical and warning events on the specified host (it will
> exclude a number of events that are known to be harmless, for instance DCOM
> 10009 and about a dozen or so other ones).
>
>
>
> The “top ten events” seems like interesting functionality, but doesn’t
> really fit very well into the Nagios philosophy. Nagios can ultimately only
> distinguish between OK, WARNING, CRITICAL. There are better tools for
> statistical analysis.
>
>
>
> The collection of plugins also contains a separate plugin that reports on
> login errors.
>
>
>
> *From:* Ron Wilson [mailto:ron@tvnz.co.nz]
> *Sent:* Wednesday, July 21, 2010 3:52 PM
> *To:* Nagios Users List
> *Subject:* Re: [Nagios-users] effective use of NSClient++ Eventlog
> management
>
>
>
> I have tried several times over the past year but never managed to get the
> check_eventlog working. If you have any success do tell us about it
>
>
>
> *From:* keshav murthy [mailto:nkeshav12@gmail.com]
> *Sent:* Wednesday, 21 July 2010 10:07 p.m.
> *To:* nagios-users@lists.sourceforge.net
> *Subject:* [Nagios-users] effective use of NSClient++ Eventlog management
>
>
>
> Dear all,
>
>
>
> We are moving from pnsclient to NSclient++ for all our windows client. We
> would like to use the Event log management available with NSClient++.
>
>
>
> We would like to do the following (if it is feasible)
>
>
>
> Top Ten events in all the clients overall.
>
> Critical Event IDs on any server: We are looking for only the critical
> event ID's (like a AD account lockout event ID etc) to be captured and
> reported to the nagios server.
>
>
>
> Have anybody started using this eventlog management effectively and what
> are your way of putting it in place.
>
>
>
> Cheers
>
> Keshav
>
> ==========================================================
>
> For more information on the Television New Zealand Group, visit us
>
> online at tvnz.co.nz
>
> ==========================================================
>
> CAUTION: This e-mail and any attachment(s) contain information that
>
> is intended to be read only by the named recipient(s). This information
>
> is not to be used or stored by any other person and/or organisation.
>
>
> ------------------------------
> The New Busy is not the too busy. Combine all your e-mail accounts with
> Hotmail. Get busy.<http://www.windowslive.com/campaign/thenewbusy?tile=multiaccount&ocid=PID28326::T:WLMTAGL:ON:WL:en-US:WM_HMP:042010_4>
>
>
> ------------------------------------------------------------------------------
> The Palm PDK Hot Apps Program offers developers who use the
> Plug-In Development Kit to bring their C/C++ apps to Palm for a share
> of $1 Million in cash or HP Products. Visit us here for more details:
> http://ad.doubleclick.net/clk;226879339;13503038;l?
> http://clk.atdmt.com/CRS/go/247765532/direct/01/
> _______________________________________________
> Nagios-users mailing list
> Nagios-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/nagios-users
> > > > Please include Nagios version, plugin version (-v) and OS when
> reporting any issue.
> > > > Messages without supporting info will risk being sent to /dev/null
>
[Attachment #5 (text/html)]
<div>Thanks Kevin/Mat/Jel and Ron.</div>
<div> </div>
<div>I will try them and take which one suits best.<br><br></div>
<div class="gmail_quote">On Tue, Jul 27, 2010 at 1:49 AM, Mathew Walker <span \
dir="ltr"><<a href="mailto:lmw94002@hotmail.com">lmw94002@hotmail.com</a>></span> \
wrote:<br> <blockquote class="gmail_quote" style="PADDING-LEFT: 1ex; MARGIN: 0px 0px \
0px 0.8ex; BORDER-LEFT: #ccc 1px solid"> <div>I use: <a \
href="http://www.monitoringexchange.org/inventory/Check-Plugins/Operating-Systems/Windows/NagEventLog" \
target="_blank">http://www.monitoringexchange.org/inventory/Check-Plugins/Operating-Systems/Windows/NagEventLog</a><br>
<br>It works pretty good, and you can set it up to alert for specific errors or \
look for all and filter out fluff ones. I even went to far as to figure out the \
registry settings and push updates for the eventIDs to filter via GPO. Maybe not as \
glamourous, but it worked pretty good in our environment.<br> <br>-- <br>Mat W. - <a \
href="http://www.techadre.com/" \
target="_blank">http://www.techadre.com</a><br><br><br> <br> <hr>
From: <a href="mailto:subscription@kkeane.com" \
target="_blank">subscription@kkeane.com</a> <div class="im"><br>To: <a \
href="mailto:nagios-users@lists.sourceforge.net" \
target="_blank">nagios-users@lists.sourceforge.net</a><br></div>Date: Sat, 24 Jul \
2010 12:29:54 -0700 <div>
<div></div>
<div class="h5"><br>Subject: Re: [Nagios-users] effective use of NSClient++ Eventlog \
management<br><br> <div>
<p><span style="FONT-SIZE: 11pt; COLOR: #1f497d">I wrote my own event log management \
plugin because I didn’t find one that I liked. You can download it as part of the \
Sourceforge tntnagiosplugins project. It should work with NSClient++ (although \
admittedly I am not testing against that).</span></p>
<p><span style="FONT-SIZE: 11pt; COLOR: #1f497d"> </span></p>
<p><span style="FONT-SIZE: 11pt; COLOR: #1f497d">It reports critical and warning \
events on the specified host (it will exclude a number of events that are known to be \
harmless, for instance DCOM 10009 and about a dozen or so other ones).</span></p>
<p><span style="FONT-SIZE: 11pt; COLOR: #1f497d"> </span></p>
<p><span style="FONT-SIZE: 11pt; COLOR: #1f497d">The “top ten events” seems like \
interesting functionality, but doesn’t really fit very well into the Nagios \
philosophy. Nagios can ultimately only distinguish between OK, WARNING, CRITICAL. \
There are better tools for statistical analysis.</span></p>
<p><span style="FONT-SIZE: 11pt; COLOR: #1f497d"> </span></p>
<p><span style="FONT-SIZE: 11pt; COLOR: #1f497d">The collection of plugins also \
contains a separate plugin that reports on login errors.</span></p> <p><span \
style="FONT-SIZE: 11pt; COLOR: #1f497d"> </span></p> <div>
<div style="BORDER-RIGHT: medium none; PADDING-RIGHT: 0in; BORDER-TOP: #b5c4df 1pt \
solid; PADDING-LEFT: 0in; PADDING-BOTTOM: 0in; BORDER-LEFT: medium none; PADDING-TOP: \
3pt; BORDER-BOTTOM: medium none"> <p style="MARGIN-LEFT: 0.5in"><b><span \
style="FONT-SIZE: 10pt">From:</span></b><span style="FONT-SIZE: 10pt"> Ron Wilson \
[mailto:<a href="mailto:ron@tvnz.co.nz" target="_blank">ron@tvnz.co.nz</a>] \
<br><b>Sent:</b> Wednesday, July 21, 2010 3:52 PM<br> <b>To:</b> Nagios Users \
List<br><b>Subject:</b> Re: [Nagios-users] effective use of NSClient++ Eventlog \
management</span></p></div></div> <p style="MARGIN-LEFT: 0.5in"> </p>
<p style="MARGIN-LEFT: 0.5in"><span lang="EN-NZ" style="FONT-SIZE: 11pt; COLOR: \
#1f497d">I have tried several times over the past year but never managed to get the \
check_eventlog working. If you have any success do tell us about it</span></p>
<p style="MARGIN-LEFT: 0.5in"><span lang="EN-NZ" style="FONT-SIZE: 11pt; COLOR: \
#1f497d"> </span></p> <div style="BORDER-RIGHT: medium none; PADDING-RIGHT: 0in; \
BORDER-TOP: medium none; PADDING-LEFT: 4pt; PADDING-BOTTOM: 0in; BORDER-LEFT: blue \
1.5pt solid; PADDING-TOP: 0in; BORDER-BOTTOM: medium none"> <div>
<div style="BORDER-RIGHT: medium none; PADDING-RIGHT: 0in; BORDER-TOP: #b5c4df 1pt \
solid; PADDING-LEFT: 0in; PADDING-BOTTOM: 0in; BORDER-LEFT: medium none; PADDING-TOP: \
3pt; BORDER-BOTTOM: medium none"> <p style="MARGIN-LEFT: 0.5in"><b><span \
style="FONT-SIZE: 10pt">From:</span></b><span style="FONT-SIZE: 10pt"> keshav murthy \
[mailto:<a href="mailto:nkeshav12@gmail.com" target="_blank">nkeshav12@gmail.com</a>] \
<br><b>Sent:</b> Wednesday, 21 July 2010 10:07 p.m.<br> <b>To:</b> <a \
href="mailto:nagios-users@lists.sourceforge.net" \
target="_blank">nagios-users@lists.sourceforge.net</a><br><b>Subject:</b> \
[Nagios-users] effective use of NSClient++ Eventlog management</span></p></div></div>
<p style="MARGIN-LEFT: 0.5in"><span lang="EN-NZ"> </span></p>
<div>
<p style="MARGIN-LEFT: 0.5in"><span lang="EN-NZ">Dear all,</span></p></div>
<div>
<p style="MARGIN-LEFT: 0.5in"><span lang="EN-NZ"> </span></p></div>
<div>
<p style="MARGIN-LEFT: 0.5in"><span lang="EN-NZ">We are moving from pnsclient to \
NSclient++ for all our windows client. We would like to use the Event log management \
available with NSClient++.</span></p></div> <div>
<p style="MARGIN-LEFT: 0.5in"><span lang="EN-NZ"> </span></p></div>
<div>
<p style="MARGIN-LEFT: 0.5in"><span lang="EN-NZ">We would like to do the following \
(if it is feasible)</span></p></div> <div>
<p style="MARGIN-LEFT: 0.5in"><span lang="EN-NZ"> </span></p></div>
<div>
<p style="MARGIN-LEFT: 0.5in"><span lang="EN-NZ">Top Ten events in all the clients \
overall. </span></p></div> <div>
<p style="MARGIN-LEFT: 0.5in"><span lang="EN-NZ">Critical Event IDs on any server: We \
are looking for only the critical event ID's (like a AD account lockout event ID \
etc) to be captured and reported to the nagios server.</span></p> </div>
<div>
<p style="MARGIN-LEFT: 0.5in"><span lang="EN-NZ"> </span></p></div>
<div>
<p style="MARGIN-LEFT: 0.5in"><span lang="EN-NZ">Have anybody started using this \
eventlog management effectively and what are your way of putting it in \
place.</span></p></div> <div>
<p style="MARGIN-LEFT: 0.5in"><span lang="EN-NZ"> </span></p></div>
<div>
<p style="MARGIN-LEFT: 0.5in"><span lang="EN-NZ">Cheers</span></p></div>
<div>
<p style="MARGIN-LEFT: 0.5in"><span lang="EN-NZ">Keshav</span></p></div></div><pre \
style="MARGIN-LEFT: 0.5in"><span \
lang="EN-NZ">==========================================================</span></pre><pre \
style="MARGIN-LEFT: 0.5in"> <span lang="EN-NZ">For more information on the Television \
New Zealand Group, visit us</span></pre><pre style="MARGIN-LEFT: 0.5in"><span \
lang="EN-NZ">online at <a href="http://tvnz.co.nz/" target="_blank">tvnz.co.nz</a> \
</span></pre> <pre style="MARGIN-LEFT: 0.5in"><span \
lang="EN-NZ">==========================================================</span></pre><pre \
style="MARGIN-LEFT: 0.5in"><span lang="EN-NZ">CAUTION: This e-mail and any \
attachment(s) contain information that</span></pre> <pre style="MARGIN-LEFT: \
0.5in"><span lang="EN-NZ">is intended to be read only by the named recipient(s). \
This information</span></pre><pre style="MARGIN-LEFT: 0.5in"><span lang="EN-NZ">is \
not to be used or stored by any other person and/or organisation.</span></pre> \
</div><br></div></div> <div class="hm">
<hr>
The New Busy is not the too busy. Combine all your e-mail accounts with Hotmail. <a \
href="http://www.windowslive.com/campaign/thenewbusy?tile=multiaccount&ocid=PID28326::T:WLMTAGL:ON:WL:en-US:WM_HMP:042010_4" \
target="_blank">Get busy.</a></div> \
</div><br>------------------------------------------------------------------------------<br>The \
Palm PDK Hot Apps Program offers developers who use the<br>Plug-In Development Kit to \
bring their C/C++ apps to Palm for a share<br> of $1 Million in cash or HP Products. \
Visit us here for more details:<br><a \
href="http://ad.doubleclick.net/clk;226879339;13503038;l" \
target="_blank">http://ad.doubleclick.net/clk;226879339;13503038;l</a>?<br><a \
href="http://clk.atdmt.com/CRS/go/247765532/direct/01/" \
target="_blank">http://clk.atdmt.com/CRS/go/247765532/direct/01/</a><br> \
_______________________________________________<br>Nagios-users mailing list<br><a \
href="mailto:Nagios-users@lists.sourceforge.net">Nagios-users@lists.sourceforge.net</a><br><a \
href="https://lists.sourceforge.net/lists/listinfo/nagios-users" \
target="_blank">https://lists.sourceforge.net/lists/listinfo/nagios-users</a><br> ::: \
Please include Nagios version, plugin version (-v) and OS when reporting any \
issue.<br>::: Messages without supporting info will risk being sent to \
/dev/null<br></blockquote></div><br>
------------------------------------------------------------------------------
The Palm PDK Hot Apps Program offers developers who use the
Plug-In Development Kit to bring their C/C++ apps to Palm for a share
of $1 Million in cash or HP Products. Visit us here for more details:
http://ad.doubleclick.net/clk;226879339;13503038;l?
http://clk.atdmt.com/CRS/go/247765532/direct/01/
_______________________________________________
Nagios-users mailing list
Nagios-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue.
::: Messages without supporting info will risk being sent to /dev/null
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic