Hello Michael. Michael Dalton wrote: > I am using Fedora 6 with nagios 2.9 monitoring multiple windows 2003 > servers. I have looked on the message boards for a solution and have not > come up with one. > > What I would like to do is monitor a specific windows event.....event > id=55....(a disc failure or beginning to fail). > > Has anyone else done this?
I've just done this. There are several ways. You can use NC_Net (http://shatterit.com/nc_net/) which has the ability to monitor the eventlog. But I haven't tested it. I'm using Logparser 2.2 (http://www.microsoft.com/downloads/details.aspx?FamilyID=890cd06b-abf8-4c25-91b2-f8d975cf8c07&displaylang=en) which parses the eventlog for some IDs, e.g.: logparser "SELECT * FROM System where EventID IN(500;501;503;509;510)" -i:EVT -o:csv > "c:\Programme\Log Parser 2.2\output.csv" One can use FIND to look if one of the IDs was found. I do this with the following batch/cmd file which is called itself by NRPE_NT (see Nagios-Exchange): @ECHO OFF "C:\Programme\Log Parser 2.2\logparser" "SELECT * FROM System where EventID IN(500;501;503;509;510)" -i:EVT -o:csv > d:\Logparser\output.csv FIND "Elements output: 0" "C:\Programme\Log Parser 2.2\output.csv" > NUL IF %ERRORLEVEL% GTR 0 ( REM FIND "System," "C:\Programme\Log Parser 2.2\output.csv" echo Fehlermeldung im System-Eventlog gefunden exit 1 ) echo OK exit 0 Probably using NC_Net is much smarter but I did it this way, since we already use NRPE_NT on this server. Greetings, Rene -- Tipps & Tricks für Linux, MySQL & Webdesign -> http://home.telebel.de/~referti/blog/ ------------------------------------------------------------------------- Check out the new SourceForge.net Marketplace. It's the best place to buy or sell services for just about anything Open Source. http://sourceforge.net/services/buy/index.php _______________________________________________ Nagios-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/nagios-users ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. ::: Messages without supporting info will risk being sent to /dev/null
