Icingaframework for Windows

Service Monitoring
1

Hello
is der an easy way to monitor Windows Events from different Providers with same or different Event IDs in one Invoke-IcingaCheckEventlog call ( Director) ?

Example these essential IDs

Event Log: System; Expression: ( EventSourceName Equals Microsoft-Windows-Eventlog ) AND ( EventDisplayNumber Equals 6000 )
Event Log: System; Expression: ( EventSourceName Equals TCPIP ) AND ( EventDisplayNumber Equals 4198 ) OR ( EventDisplayNumber Equals 4199 )
Event Log: System; Expression: ( EventSourceName Equals DISK ) AND ( EventDisplayNumber Equals 31 )
Event Log: System; Expression: ( EventSourceName Equals DISK ) OR ( EventSourceName Equals Ntfs ) AND ( EventDisplayNumber Equals 11 ) OR ( EventDisplayNumber Equals 50 )
Event Log: Application; Expression: ( EventSourceName Equals Perflib ) AND ( EventDisplayNumber Equals 1015 )
Event Log: Application; Expression: ( EventSourceName Equals loadperf ) AND ( EventDisplayNumber Equals 2004 ) OR ( EventDisplayNumber Equals 2006 ) OR ( EventDisplayNumber Equals 2007 ) OR ( EventDisplayNumber Equals 3000 ) OR ( EventDisplayNumber Equals 3001 ) OR ( EventDisplayNumber Equals 3002 ) OR ( EventDisplayNumber Equals 3012 ) OR ( EventDisplayNumber Equals 3018 ) OR ( EventDisplayNumber Equals 3015 )
Event Log: System; Expression: ( EventSourceName Equals Service Control Manager ) AND ( EventDisplayNumber Equals 7037 ) OR ( EventDisplayNumber Equals 7030 )
Event Log: System; Expression: ( EventSourceName Equals Service Control Manager ) AND ( EventDisplayNumber Equals 7015 ) OR ( EventDisplayNumber Equals 7017 ) OR ( EventDisplayNumber Equals 7018 ) OR ( EventDisplayNumber Equals 7019 ) OR ( EventDisplayNumber Equals 7020 )
Event Log: System; Expression: ( EventSourceName Equals Microsoft-Windows-Ntfs ) AND ( EventDisplayNumber (UnsignedInteger) Equals 98 ) AND ( Name Equals Params/Param[1] (String) ) AND ( Params/Param[3] (UnsignedInteger) Equals 1 ) OR ( Params/Param[3] (UnsignedInteger) Equals 2 ) OR ( Params/Param[3] (UnsignedInteger) Equals 3 )
Event Log: System; Expression: ( EventSourceName Equals Server ) AND ( EventDisplayNumber Equals 2506 )

Thx for any Ideas
(Greylog is not the solution :wink: )
Claus

2

Hey Claus,

I edited your post for readability, for the future you can learn more about markdown formatting here :slight_smile: