
Nagios XI Monitoring Windows Event Logs

With NagEventLog
The Industry Standard in IT Infrastructure Monitoring
Purpose
This document describes how to monitor Windows event logs using Nagios XI and the NagEventLog addon.

Target Audience
This document is intended for use by Nagios XI Administrators.

Prerequisites
You must have completed the following steps before you can monitor Windows event logs using this documentation:
Configure NSCA on the Nagios XI Server
You must have configured the NSCA agent on your Nagios XI server in order to monitor Windows event logs with NagEventLog.
Instructions for configuring NSCA can be found in a separate document titled Using NSCA With XI. This document can be found on
the Nagios Library (http://library.nagios.com) or can be downloaded directly at:
http://assets.nagios.com/downloads/nagiosxi/docs/Using_NSCA_With_XI.pdf
Install the Windows Event Log Monitoring Wizard
You must install the Windows Event Log Monitoring Wizard on your Nagios XI server. The wizard can be downloaded from:
http://assets.nagios.com/downloads/nagiosxi/wizards/windowseventlog.zip

Overview
In order to monitor Windows event logs using Nagios XI and the NagEventLog agent, you must complete the following:
1. Install the NagEventLog agent on the Windows machine
2. Configure the NagEventLog agent and define event log filters/patterns to monitor
3. Run the Windows Event Log monitoring wizard in Nagios XI

The following pages will take you through each of these steps.

Nagios Enterprises, LLC


P.O. Box 8154
Saint Paul, MN 55108
USA

US: 1-888-NAGIOS-1
Int'l: +1 651-204-9102
Fax: +1 651-204-9103

Web: www.nagios.com
Email: sales@nagios.com

Page 1
Copyright 2011 Nagios Enterprises, LLC
Revision 1.0 August, 2013

Installing NagEventLog
In order to monitor Windows event logs with Nagios XI, you must install the NagEventLog agent on the Windows machine. You can get
the latest version of NagEventLog from Steve Shipway's website (http://www.steveshipway.org/software/) or download a copy of the
latest version (1.9.2 as of the time of writing) from:
http://assets.nagios.com/downloads/addons/nageventlog/nagevlog-setup-1.9.2.exe
Launch the NagEventLog installer on the Windows machine and click Next to
get started.

Read the program and license information and click Next to continue.

When prompted for the installation directory, click Next to accept the default
and continue.

When prompted for which components to install, click Next to accept the
defaults and continue.

When prompted for the start menu folder name, click Next to accept the default
and continue.

On the configuration screen, make sure you specify:
1. The host name (as currently defined, or as you will define it in Nagios XI) for the Windows machine you are installing the agent on in the Host name for this computer field.
2. The IP address of the Nagios XI server in the Nagios NSCA Server name field.
3. The port that NSCA is running on (defaults to 5667) on the Nagios XI server in the Nagios NSCA Server port field.
4. The password that you have configured NSCA to use on the Nagios XI server in the Nagios NSCA Server password field.

Click Next to continue.

On the next screen, optionally select the option to create a desktop icon for the
NagEventLog agent (recommended).
Click Next to continue.

Click Install to begin the installation.

Click Next to continue once the installation is completed.


Note: You're not finished yet! You still need to configure the agent. Instructions
for doing so are found on the following pages.

Make sure the Configure the EventLog monitor option is selected and click
Finish.

The main configuration screen for the agent will appear.


Click the NSCA Daemons button to finish configuration of the NSCA settings.

The NSCA Server Settings screen will appear. Make sure the encryption method selected in the Encryption option is the same one used to decrypt data in the NSCA configuration on the Nagios XI server.
Important: If the NSCA password and/or encryption method do not match the settings used by the NSCA agent on the Nagios XI server, event log monitoring will not work!
Click OK to continue.

Select Yes when prompted if you want to save the NSCA settings.

Important: If you changed NSCA settings, you will have to restart the
NagiosEventLog service on the Windows machine.
You can do this by using the Computer Management console, or by issuing the
following commands from a command prompt:
net stop NagiosEventLog
net start NagiosEventLog
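
The password and encryption method the agent must match are set on the Nagios XI server in nsca.cfg through the password and decryption_method directives. The following is an added example, not part of the original Nagios document: it reads the text of an nsca.cfg, reports the configured method by name, and flags settings that give the event data little or no protection in transit. The sample configurations and the placeholder password are constructed; the method numbers are the ones listed in the sample nsca.cfg shipped with NSCA.

```python
# Added example: audit the server-side nsca.cfg values the agent must match.
# Method numbers are the ones listed in the sample nsca.cfg shipped with NSCA.
METHODS = {0: "None", 1: "Simple XOR", 2: "DES", 3: "3DES", 8: "BLOWFISH",
           14: "RIJNDAEL-128", 15: "RIJNDAEL-192", 16: "RIJNDAEL-256"}
WEAK = {0: "payload is sent in the clear",
        1: "XOR only obfuscates the payload",
        2: "DES keys are too short to resist brute force"}

def parse_nsca_cfg(text):
    """Return key=value settings, skipping comments and blank lines."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        settings[key.strip()] = value.strip()
    return settings

def audit(text):
    """Return (method_name, findings) for an nsca.cfg given as text."""
    cfg = parse_nsca_cfg(text)
    findings = []
    if not cfg.get("password"):
        findings.append("password is empty or not set")
    raw = cfg.get("decryption_method")
    if raw is None or not raw.isdigit():
        return None, findings + ["decryption_method is missing or not a number"]
    method = int(raw)
    name = METHODS.get(method, "method %d (look it up in nsca.cfg)" % method)
    if method in WEAK:
        findings.append("decryption_method=%d (%s): %s" % (method, name, WEAK[method]))
    return name, findings

# Constructed sample configurations (placeholder password).
WEAK_CFG = """# constructed sample
server_port=5667
password=
decryption_method=1
"""
GOOD_CFG = "server_port=5667\npassword=EXAMPLE-PLACEHOLDER\ndecryption_method=16\n"
```

The method name returned is the one to select on the agent side; any finding is worth fixing on the server before the agent is pointed at it.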

Configuring Event Log Monitoring


To configure how event logs are monitored, you define one or more filters in
the Nagios Eventlog Control Manager.
How Filters Work
When an event log item matches a filter you defined, the NagEventLog agent
will send an alert to the Nagios server using the NSCA protocol.
Default Filters
Three default filters are defined, one each for the System,
Application, and Security event logs.
Prioritizing Matches
Filters are matched by priority in the order they are defined. You can change
the priority of filters by using the Move up and Move down buttons.
Creating New Filters
To create a new filter, click the Create New button.
Editing Existing Filters
To edit an existing filter, select the filter from the drop-down list and click the Edit button.

Defining Filter Settings
When defining or changing each filter's settings, you are able to specify:
1. What Windows Event Log the filter applies to
2. What type of events match the filter rules, including:
   a. Event type (Error, Warning, Audit Failure, etc.)
   b. Event Ids (optional)
   c. String matches (optional)
   d. Event sources (optional)
3. The service name (as defined in Nagios XI) that alerts for the filter will be associated with.
4. The service status (e.g. criticality) of a filter match.



Important: The service name you define in each filter must correspond to a
service in Nagios XI. You will define the services using the Nagios XI wizard on
the following pages of the documentation.

Using The Configuration Wizard


Once you have finished defining event log filters on the Windows machine, you need to run the Windows Event Log Monitoring wizard
in Nagios XI.
When you run the wizard, make sure of the following:
1. The Host Name you specify in the wizard matches the Host Name you specified in the NSCA Server Settings screen of the NagEventLog agent.
2. The Event Log Service Names you specify in the wizard match the Service Names you specified when defining filters in the NagEventLog agent.
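
The following is an added example, not part of the original Nagios document and not NagEventLog's own code: a simplified model of how ordered filters turn an event into a passive check result, and of the name check the wizard step depends on. It assumes the first matching filter wins and that an empty optional field matches anything; string matches are left out. The host name, service names, and event are constructed.

```python
# Added example: a simplified model of filter matching, not NagEventLog's code.
from dataclasses import dataclass

STATUS = {"OK": 0, "WARNING": 1, "CRITICAL": 2, "UNKNOWN": 3}  # Nagios return codes

@dataclass
class Filter:
    log: str                             # Windows event log the filter applies to
    types: frozenset                     # event types, e.g. {"Error", "Audit Failure"}
    service: str                         # service name as defined in Nagios XI
    status: str                          # service status reported on a match
    event_ids: frozenset = frozenset()   # optional; empty matches any ID (assumed)
    sources: frozenset = frozenset()     # optional; empty matches any source (assumed)

    def matches(self, ev):
        return (ev["log"] == self.log and ev["type"] in self.types
                and (not self.event_ids or ev["id"] in self.event_ids)
                and (not self.sources or ev["source"] in self.sources))

def first_match(filters, ev):
    """Try filters in their defined order; the first match wins (assumed)."""
    return next((f for f in filters if f.matches(ev)), None)

def passive_result(host, filters, ev):
    """Build the tab-separated line send_nsca accepts: host, service, code, output."""
    f = first_match(filters, ev)
    if f is None:
        return None
    return "\t".join([host, f.service, str(STATUS[f.status]), ev["message"]])

def unknown_services(filters, xi_services):
    """Filter service names that have no matching service in Nagios XI."""
    return sorted({f.service for f in filters} - set(xi_services))

# Constructed sample data (hypothetical service names and event).
FILTERS = [
    Filter("Security", frozenset({"Audit Failure"}), "Security Logon Failures",
           "CRITICAL", event_ids=frozenset({4625})),
    Filter("Security", frozenset({"Audit Failure", "Error"}), "Security EventLog",
           "WARNING"),
]
EVENT = {"log": "Security", "type": "Audit Failure", "id": 4625,
         "source": "Microsoft-Windows-Security-Auditing",
         "message": "An account failed to log on."}
```

With the specific filter listed first the event is reported as CRITICAL against Security Logon Failures; moving the broad filter above it reports the same event as a WARNING against Security EventLog, which is why filter order matters for security-relevant events.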

Once you finish using the wizard, Nagios XI will create the
services for handling event log information.
Note: A special EventLog Agent service is created to handle
heartbeat information sent from the NagEventLog agent.

This screenshot gives an example of how things might look after event log alerts start to arrive from the NagEventLog agent.
