Why not get a ntlog to syslog tool, and reroute the logs to a syslog server for all servers. Then just monitor at that one location. Of course of the ntevent->syslog tool stopped....
-----Original Message----- From: Steven Peck [mailto:[email protected]] Sent: Tuesday, March 02, 2010 12:34 PM To: NT System Admin Issues Subject: Re: Monitoring services Well that would depend on how the various services worked. We have a few here that will restart as part of how they update files. So seeing the event log entry would get you a lot of spurious alarms. On Tue, Mar 2, 2010 at 10:19 AM, David Lum <[email protected]> wrote: > Sorry, I wasn't asking for a tool, but for method. We already use > Nagios here to watch for event ID's, I was wondering if it makes more > sense to look for "service stopped" messages in the event log or > should I look for 55 services independently. > > > > Going forward I plan to monitor all services on all servers, and > watching the event log would be FAR simpler than legging out 5,000 > services. I'm just wondering if it's possible (or likely) that a > service would stop without a corresponding Event log entry. > > David Lum // SYSTEMS ENGINEER > NORTHWEST EVALUATION ASSOCIATION > (Desk) 971.222.1025 // (Cell) 503.267.9764 > > > > > > > > From: Sherry Abercrombie [mailto:[email protected]] > Sent: Tuesday, March 02, 2010 9:55 AM > To: NT System Admin Issues > Subject: Re: Monitoring services > > > > I will second Nagios. There is a way to monitor event id's, but I'm > not sure what that process is. We don't really use it for event id's, > but do use it for passive checks. There are always new add-ins for Nagios. > > On Tue, Mar 2, 2010 at 11:39 AM, Cameron <[email protected]> wrote: > > I think Nagios can monitor pretty much any service, but I don't think > it will monitor for Event ID's...but I could be mistaken (and you > can't beat the price! (free!)) > > > > On Tue, Mar 2, 2010 at 11:36 AM, David Lum <[email protected]> wrote: > > I would like to add comprehensive monitoring of all running Windows > server services. One method is to monitor each service specifically, > but could you pretty much the same thing by monitoring the System > event logs for event ID 7056? > > David Lum // SYSTEMS ENGINEER > NORTHWEST EVALUATION ASSOCIATION > (Desk) 971.222.1025 // (Cell) 503.267.9764 > > > > > > > > > > > > > > > -- > Sherry Abercrombie > > "Any sufficiently advanced technology is indistinguishable from magic." > Arthur C. Clarke > > > > > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ ---- For more information about Lewis and Roca LLP, please go to www.lewisandroca.com. Phoenix (602) 262-5311 Tucson (520) 622-2090 Las Vegas (702) 949-8200 Reno (775) 823-2900 Minden (775) 586-9500 Albuquerque (505) 764-5400 Silicon Valley (650) 391-1380 This message is intended only for the use of the individual or entity to which it is addressed. If the reader of this message is not the intended recipient, or the employee or agent responsible for delivering the message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this message is strictly prohibited. If you have received this communication in error, please notify us immediately by replying to the sender of this E-Mail by return E-Mail or by telephone. In accordance with Internal Revenue Service Circular 230, we advise you that if this email contains any tax advice, such tax advice was not intended or written to be used, and it cannot be used, by any taxpayer for the purpose of avoiding penalties that may be imposed on the taxpayer. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
