Discussion:
[Check_mk (english)] Monitoring event log for windows
c***@gmail.com
2013-07-04 20:25:10 UTC
Permalink
Hi guys,

Is there a possibility of monitoring a specific eventlog on Windows and
ignoring all others via logwatch?

Att.
Daniel Bason
2013-07-04 20:52:08 UTC
Permalink
As of 1.1.13 I think this is built into the windows client:

*1.1.13i1*: Advanced agent configuration

New in *1.1.13i1*: the eventlog monitoring of the Windows agent can now be
configured. For each eventlog you can decide, which messages should be sent
to Check_MK. The default is that all eventlogs are processed and messages
of the types warning or critical (or security failures) are being sent.

If you create a file called check_mk.ini in the agent directory then you
can configure which eventlogs and which levels to process. Here is an
example:
check_mk.ini

[logwatch]
Daniel Bason
2013-07-04 21:03:55 UTC
Permalink
I'm not sure sorry - you should also reply to all so the entire list gets
the message. You can reclassify messages in main.mk eg:
logwatch_patterns = {
    'System': [
        ('I', 'Print'),
        ('I', 'WindowsUpdate'),
        ('I', 'UmrdpService'),
        ('I', 'DnsApi'),
        ('W', 'private bytes memory limit')
    ],
    'Application': [
        ('I', 'Microsoft-Windows-CAPI2'),
        ('W', 'ASP.NET'),
    ]
}

So maybe you need to set the messages you don't care about to ignore; I'm
not sure if you can do it for all messages and then just leave the messages
you do want.
c***@gmail.com
2013-07-04 23:03:45 UTC
Permalink
Sorry, I forgot to reply to all.

My problem is how to make a regex that ignores everything I want to ignore.

In the main.mk

'Application': [
    # reclassify CRITICAL for ASP.NET
    ('C', 'ASP.NET'),
    # Ignore all different ASP.NET *HOW TO DO????*
    *('I', 'Ignore all diff ASP.NET')*
],

I don't know if I understood

Att
Daniel Bason
2013-07-04 23:08:22 UTC
Permalink
'Application': [
    ('C', 'ASP.NET 2.0.50727.0'),
    ('I', 'ASP.NET')
],

Should work
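Added example (not part of the original thread and not Check_MK's own code): a small Python model of the pattern ordering in the answer above, run over constructed event messages. It assumes patterns are regular expressions tried in list order with the first match winning, and that unmatched messages keep the level the agent reported; reclassify, audit and suppressed are hypothetical helper names.

```python
import re

# Pattern table in the same shape as the thread's main.mk snippet.
logwatch_patterns = {
    'Application': [
        ('C', 'ASP.NET 2.0.50727.0'),  # specific pattern first
        ('I', 'ASP.NET'),              # broader ignore rule second
    ],
}

# Constructed sample messages: (level reported by the agent, message text).
SAMPLE_EVENTS = [
    ('W', 'ASP.NET 2.0.50727.0 Event code: 3005 unhandled exception'),
    ('W', 'ASP.NET 4.0.30319.0 Event code: 3005 unhandled exception'),
    ('C', 'Application Error Faulting application w3wp.exe'),
]


def reclassify(logfile, level, message, patterns=logwatch_patterns):
    """Return the level after applying the first matching pattern.

    Assumption of this model: patterns are regexes searched anywhere in
    the message, tried in list order, first match wins; a message that
    matches no pattern keeps the level the agent reported.
    """
    for new_level, pattern in patterns.get(logfile, []):
        if re.search(pattern, message):
            return new_level
    return level


def audit(logfile, events, patterns=logwatch_patterns):
    """Return (original level, final level, message) for each event."""
    return [(lvl, reclassify(logfile, lvl, msg, patterns), msg)
            for lvl, msg in events]


def suppressed(logfile, events, patterns=logwatch_patterns):
    """Messages that end up ignored ('I'); review these for blind spots."""
    return [msg for _, final, msg in audit(logfile, events, patterns)
            if final == 'I']


if __name__ == '__main__':
    for before, after, msg in audit('Application', SAMPLE_EVENTS):
        print(f'{before} -> {after}  {msg}')
```

Under the stated assumption, swapping the two 'Application' entries would make the broad 'ASP.NET' rule match first and the 2.0.50727.0 events would be ignored as well.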
Aravind M D
2013-07-08 14:22:08 UTC
Permalink
On 2013-07-05 01:55, ***@gmail.com wrote:

Hi,

I tried to monitor the Windows event log using event ID. I created a
VBScript which connects to WMI, searches for a particular event ID and
reports it. The script is configured with check_mk using mrpe. You can
find more information at the link below.

http://www.linuz.in/?p=143
--

Regards,

Aravind M D
Open Source Evangelist

_______________________________________________
checkmk-en mailing list
http://lists.mathias-kettner.de/mailman/listinfo/checkmk-en
c***@gmail.com
2013-07-08 20:23:17 UTC
Permalink
Thanks Aravind,

I'll try it and report the result.

Thanks.