Yeah, I have already looked through the serer in question and made exceptions for the few (WinHTTP, TSM client, etc) for services that regularly start and stop.
Since we currently have zero monitoring for this, I'll start with the EventID route and run from there. Dave -----Original Message----- From: Steven Peck [mailto:[email protected]] Sent: Tuesday, March 02, 2010 11:34 AM To: NT System Admin Issues Subject: Re: Monitoring services Well that would depend on how the various services worked. We have a few here that will restart as part of how they update files. So seeing the event log entry would get you a lot of spurious alarms. On Tue, Mar 2, 2010 at 10:19 AM, David Lum <[email protected]> wrote: > Sorry, I wasn't asking for a tool, but for method. We already use Nagios > here to watch for event ID's, I was wondering if it makes more sense to look > for "service stopped" messages in the event log or should I look for 55 > services independently. > > > > Going forward I plan to monitor all services on all servers, and watching > the event log would be FAR simpler than legging out 5,000 services. I'm just > wondering if it's possible (or likely) that a service would stop without a > corresponding Event log entry. > > David Lum // SYSTEMS ENGINEER > NORTHWEST EVALUATION ASSOCIATION > (Desk) 971.222.1025 // (Cell) 503.267.9764 > > > > > > > > From: Sherry Abercrombie [mailto:[email protected]] > Sent: Tuesday, March 02, 2010 9:55 AM > To: NT System Admin Issues > Subject: Re: Monitoring services > > > > I will second Nagios. There is a way to monitor event id's, but I'm not > sure what that process is. We don't really use it for event id's, but do > use it for passive checks. There are always new add-ins for Nagios. > > On Tue, Mar 2, 2010 at 11:39 AM, Cameron <[email protected]> wrote: > > I think Nagios can monitor pretty much any service, but I don't think it > will monitor for Event ID's...but I could be mistaken (and you can't beat > the price! (free!)) > > > > On Tue, Mar 2, 2010 at 11:36 AM, David Lum <[email protected]> wrote: > > I would like to add comprehensive monitoring of all running Windows server > services. One method is to monitor each service specifically, but could you > pretty much the same thing by monitoring the System event logs for event ID > 7056? > > David Lum // SYSTEMS ENGINEER > NORTHWEST EVALUATION ASSOCIATION > (Desk) 971.222.1025 // (Cell) 503.267.9764 > > > > > > > > > > > > > > > -- > Sherry Abercrombie > > "Any sufficiently advanced technology is indistinguishable from magic." > Arthur C. Clarke > > > > > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
