> I need to monitor Windows event logs. You'd think this would
> be easy, but either the tools available out there don't work (which
> I doubt, I KNOW you monitor event logs), or I'm man enough to admit
> that I'm a hopeless idiot.

In my experience, managing Windows Event Logs is a huge pain. The one thing that I found simplified it was Microsoft Log Parser

http://www.microsoft.com/downloads/details.aspx?FamilyID=890cd06b-abf8-4c25-91b2-f8d975cf8c07&displaylang=en
http://www.microsoft.com/technet/community/columns/profwin/pw0505.mspx
http://www.microsoft.com/technet/community/columns/scripts/sg0105.mspx

From the Microsoft blurb:

"Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key data sources on the Windows(r) operating system such as the Event Log, the Registry, the file system, and Active Directory(r). You tell Log Parser what information you need and how you want it processed. The results of your query can be custom-formatted in text based output, or they can be persisted to more specialty targets like SQL, SYSLOG, or a chart."

I'm not sure if you can tail logs into Log Parser, but on Windows I have found it useful for dumping application logfiles to a central syslog server periodically. Log Parser uses checkpoints to keep track of where it is up to in an application logfile, so you can schedule Log Parser to run every minute and dump everything since the last checkpoint.

You could have Microsoft Log Parser dump the Windows Event Log from every machine into a central syslog server or MS SQL Server, then query either of those.

For querying MS SQL Server from Nagios, I have had good results with this

http://article.gmane.org/gmane.network.nagios.user/49183

Either using bsqldb and freetds or a Perl script

http://library.pantek.com/Mailing%20Lists/lists.sourceforge.net/nagios-users/att-1600/check_mssql.pl

Peter Edmonds

_______________________________________________
Nagios-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue.
::: Messages without supporting info will risk being sent to /dev/null
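
The checkpoint-and-forward pattern described in the message above, as an added Python sketch that is not part of the original post and is not Log Parser's own implementation. The checkpoint file format, the host name `winhost01`, the tag `applog` and the syslog server address `192.0.2.10` are assumptions made for illustration.

```python
import json
import os
import socket
from datetime import datetime

def read_new(log_path, ckpt_path):
    """Return (complete lines added since the checkpoint, new byte offset)."""
    offset = 0
    if os.path.exists(ckpt_path):
        with open(ckpt_path) as f:
            offset = json.load(f)["offset"]
    if os.path.getsize(log_path) < offset:
        offset = 0  # log was truncated or rotated: start from the top
    with open(log_path, "rb") as f:
        f.seek(offset)
        data = f.read()
    end = data.rfind(b"\n") + 1  # a half-written last line waits for the next run
    return data[:end].decode("utf-8", "replace").splitlines(), offset + end

def commit(ckpt_path, offset):
    """Persist the checkpoint atomically so a crash cannot leave it half-written."""
    tmp = ckpt_path + ".tmp"
    with open(tmp, "w") as f:
        json.dump({"offset": offset}, f)
    os.replace(tmp, ckpt_path)

def to_syslog(line, when, host="winhost01", tag="applog", facility=16, severity=6):
    """Format one line as an RFC 3164 datagram (local0.info by default)."""
    stamp = f"{when:%b} {when.day:2d} {when:%H:%M:%S}"
    return f"<{facility * 8 + severity}>{stamp} {host} {tag}: {line}".encode()

def run_once(log_path, ckpt_path, server=("192.0.2.10", 514)):
    """One scheduled run: send what is new, then advance the checkpoint."""
    lines, offset = read_new(log_path, ckpt_path)
    now = datetime.now()
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        for line in lines:
            s.sendto(to_syslog(line, now), server)
    commit(ckpt_path, offset)  # only after sending: a failed run is retried
    return len(lines)
```

Because the checkpoint advances only after the send loop completes, an interrupted run resends lines rather than dropping them, so the central server should tolerate duplicates.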
