Friday 25 March 2011

Nagios - Monitoring Eventlogs on Windows Servers (My Comprehensive Guide)

Monitor DNS events on Windows Servers

  • Copy eventlog_agent files to c:\
  • Create folder on c:\ called "programme" 
  • Create subfolder "eventlog_agent"
  • Copy the eventlog_agent files (.exe, .bat, .reg) to c:\programme\eventlog_agent\
  • Run eventlog_agent.exe (if doing it manually)
http://naplax.sourceforge.net/install_check_win_eventlog.txt
  • Create /usr/local/nagios/etc/objects/eventlogs.cfg
  • Add "eventlogs.cfg" to nagios.cfg
  • Add hosts to eventlogs.cfg
Contents - eventlogs.cfg

define service{
       service_description    System Eventlog
       use                             generic-service
       check_command         check_win_eventlog!a!System!.*:+1
       max_check_attempts     1
       host_name                    Recruit
       contact_groups             admins
       is_volatile                     1
}



define service{
       service_description       DNS Eventlog
       use                              generic-service
       check_command          check_win_eventlog!a!DNS!.*:+1
       max_check_attempts     1
       host_name                    Recruit
       contact_groups             admins
       is_volatile                      1
}


define service{
       service_description      Directory Service Eventlog
       use                               generic-service
       check_command          check_win_eventlog!a!Directory Service!.*:+1
       max_check_attempts     1
       host_name                    Recruit
       contact_groups             admins
       is_volatile                     1
}

define service{
       service_description    File Replication Service Eventlog
       use                            generic-service
       check_command          check_win_eventlog!a!File Replication Service!.*:+1
       max_check_attempts     1
       host_name                   Recruit
       contact_groups            admins
       is_volatile                     1
}

The bits in red need to be filled in correctly.
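
A missing closing brace or a check_command with too few arguments is easy to introduce when copying these blocks. The following Python checker is an added example, not part of the original post or of Nagios; the function name, the required-directive list and the three-argument rule are assumptions drawn from the blocks above.

```python
import re

REQUIRED = ("service_description", "use", "check_command", "host_name")  # assumed minimum
# Constructed sample: the first block lacks its closing brace and the
# second check_command is missing its last argument.
SAMPLE = """\
define service{
       service_description    Directory Service Eventlog
       use                    generic-service
       check_command          check_win_eventlog!a!Directory Service!.*:+1
       host_name              Recruit
define service{
       service_description    DNS Eventlog
       use                    generic-service
       check_command          check_win_eventlog!a!DNS
       host_name              Recruit
}
"""

def lint_objects(text):
    """Parse 'define <type>{...}' blocks; return (objects, problems)."""
    objects, problems, current, start = [], [], None, 0
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split(";", 1)[0].strip()          # ';' starts a comment
        if not line or line.startswith("#"):
            continue
        m = re.match(r"define\s+(\w+)\s*\{$", line)
        if m:
            if current is not None:                  # previous block still open
                problems.append(f"line {start}: block not closed before line {n}")
                objects.append(current)
            current, start = {"_type": m.group(1)}, n
        elif current is None:
            problems.append(f"line {n}: '{line}' is outside any block")
        elif line == "}":
            objects.append(current)
            current = None
        else:
            key, *rest = line.split(None, 1)         # directive name, then its value
            current[key] = rest[0] if rest else ""
    if current is not None:
        problems.append(f"line {start}: block never closed")
        objects.append(current)
    for svc in (o for o in objects if o["_type"] == "service"):
        name = svc.get("service_description", "<unnamed>")
        problems += [f"{name}: missing {k}" for k in REQUIRED if k not in svc]
        cmd = svc.get("check_command", "")
        if cmd.startswith("check_win_eventlog!") and cmd.count("!") != 3:
            problems.append(f"{name}: expected 3 arguments in '{cmd}'")
    return objects, problems
```

Nagios's own pre-flight check (`nagios -v` run against nagios.cfg) remains the authoritative test before a restart.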

Errors

If eventlog.exe is not running, you'll get this error message:

Current Status: CRITICAL (for 0d 0h 1m 57s)
Status Information: An Error occured before state could be read: Connection refused at /usr/local/nagios/libexec/check_win_eventlog.pl line 145.

If errors continue, restart the .exe running on the host.

To automate & install the .exe as a service

You will need 'instsrv.exe' and 'srvany.exe' from Microsoft Resource Kit.
Just copy those files together with 'eventlog_agent.exe', 'eventlog_agent.bat' and
'eventlog_agent.reg' into the folder 'c:\programme\eventlog_agent' and run the
batch file. If you want to use a different folder, then you will need to modify
the path in 'eventlog_agent.bat' and 'eventlog_agent.reg'.

Autostart

You may put the exe into your system's Autostart folder, but this requires that
someone is logged in.

Uninstall the eventlog_agent
If you used installation method a) or c), then you can just delete the files.
If you used installation method b), then you go into the installation directory
and call "eventlog_agent.bat stop" on the console.
