Thanks. You gave me some valious point to continue my work. I was not using the last version of NC_Net. I will try EVENTLOG_NEW and I will try to implement any of the solutions that you have commented. I will post any result I get.
2007/10/4, Anthony Montibello <[EMAIL PROTECTED]>: > WMI should solve this problem for you. > > First off, make sure your using the current version of NC_NEt 4.1a and you > would have access to a more optimized event log check called "eventlog_new" > > The Output is the same, thus it does not give what your are looking for. > (but it may be more optimized than the WMI You would need to test this.) if > it is a quicker test, I recomend using it and setting up event handlers or > manually running check_nt using WMI to get the file name. note this assumes > that you normally do not get an alert , so you would want the checking to > induce the least load. > > If you know the names of the files you can setup seperate checks using the > REGEXP of the EVENTLOG_NEw and this would serve as a workaround. > > If your looking for the files being modified. FILEAGE may be a good > workaround. > > you should be able to setup an event handler that takes the EVENTID reported > by EVENTLOG check and runs a WMICAT, querry the WMI (Windows Managment > interface) for the Event Log Message. > CLASS - CIMV2 Win32_NTLogEvent -has the events and the messeges in it. > writing a querry to it may be tricky but if you need the File mane from the > Message field this is the way to get it without writing new scripts, or > paying for upgrades. > > or just run WMI checks directly and use wrapper scripts to interpret the > results. > please not on this, if a querry has no match there may be a NO OUTPUT error. -- Florencio Cano Gabarda ------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/ _______________________________________________ Nagios-users mailing list Nagios-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nagios-users ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. ::: Messages without supporting info will risk being sent to /dev/null
