I’m completely new to Icinga and monitoring.
I got it set up, installed Icinga Director and was also able to monitor a single server on a Windows client which has the icinga2 agent installed.
Another question is how to realise the following:
We have a backup battery connected via USB to the server.
There is an event if the main power is lost and a second event if it's restored (and a third if the server is shutting down).
Is it possible to clear the warning if the second event happens, and only send a message if the third event occurs?
I additionally installed the nscp+ agent on the Windows machine. It has a check_eventlog command which is working if the module checkeventlog is loaded. But I have no idea how to write a template command with this information. I just want to check for specific IDs and Providers.
Can someone help me or give me an example so that I have a starting point?
nscp is the way to go for this. I don’t think there is a premade one for the eventlog check. But you can probably write your own by copying from the existing definitions in command-nscp-local.conf (/share/icinga2/include).
About your second question: yes, that is very much possible with some Icinga config tricks, but you first need a working check.
Something like this should work with the default nscp ITL CheckCommand. The further commands inside the ITL always use this as a basis. I haven’t tested it though, just copied some sample calls from a Google search.
```
apply Service "eventlog" {
  check_command = "nscp-local"
  // Run the check on the agent endpoint instead of the master
  command_endpoint = host.vars.client_endpoint
  vars.nscp_modules = [ "CheckEventLog" ] // explicitly load this module, afaik this is not enabled by default
  vars.nscp_query = "check_eventlog"
  // Passed through to check_eventlog as its arguments
  vars.nscp_arguments = [ "file=Application", "MaxWarn=1", "MaxCrit=2", "filter=id=36887", "scan-range=-7d", "unique", "syntax=ID: %id%, Source: %source%, File: %file%" ]
  assign where host.vars.os == "Windows" && host.vars.client_endpoint
}
```
The specific arguments and syntax need to be determined from the NSClient++ docs.
I think your checks are executed on the master, and not the agent. Likely you are missing the command_endpoint configuration steps for executing the check on the agent itself.
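One way to turn the service above into a reusable command template that takes an event ID and a provider, as an added example (not code from any poster in this thread or from the ITL). The command name `nscp-local-eventlog`, the `nscp_eventlog_*` variables and the provider value are hypothetical; the `filter`, `warn` and `crit` expressions assume NSClient++'s expression-style check_eventlog syntax and should be checked against the NSClient++ docs for the installed version.

```icinga2
// Added example: hypothetical CheckCommand built on the ITL "nscp-local" command.
object CheckCommand "nscp-local-eventlog" {
  import "nscp-local"

  vars.nscp_modules = [ "CheckEventLog" ]
  vars.nscp_query = "check_eventlog"

  // Defaults for the hypothetical nscp_eventlog_* variables; override per service.
  vars.nscp_eventlog_file = "Application"
  vars.nscp_eventlog_scan_range = "-1h"

  // Build the check_eventlog argument list at check time from custom variables.
  // Assumed NSClient++ syntax: filter on id and provider, thresholds on match count.
  vars.nscp_arguments = {{
    var filter = "id = " + macro("$nscp_eventlog_id$") +
      " and provider = '" + macro("$nscp_eventlog_provider$") + "'"
    return [
      "file=" + macro("$nscp_eventlog_file$"),
      "scan-range=" + macro("$nscp_eventlog_scan_range$"),
      "filter=" + filter,
      "warn=count > 0",
      "crit=count > 1"
    ]
  }}
}

apply Service "eventlog-id-36887" {
  check_command = "nscp-local-eventlog"
  // Execute on the agent, as in the service definition quoted above
  command_endpoint = host.vars.client_endpoint

  vars.nscp_eventlog_id = 36887                     // sample ID from the thread
  vars.nscp_eventlog_provider = "EXAMPLE-PROVIDER"  // placeholder, not a real provider name

  assign where host.vars.os == "Windows" && host.vars.client_endpoint
}
```

One service per event ID keeps each event's state separate, which is the starting point for handling the lost, restored and shutdown events differently.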