Windows Eventlog

Hi everyone.

I’m completely new to Icinga and monitoring.
I got it set up, installed Icinga Director and was also able to monitor a single server on a Windows client which has the icinga2 agent installed.

Now I wanted to monitor the eventlog but couldn’t find a command within Icinga Director.
How is that done?
I’ve already looked at https://icinga.com/docs/icinga2/latest/doc/10-icinga-template-library/#windows-plugins but couldn’t find something.

Another question is how to realise the following:
We have a backup battery connected via USB to the server.
There is an event if the main power is lost and a second event if it’s restored (and a third if the server is shutting down).
Is it possible to clear the warning if the second event happens,
and only send a message if the third event occurs?

Thanks

I additionally installed the nscp+ agent on the Windows machine. It has a check_eventlog command which is working if the module checkeventlog is loaded. But I have no idea how to write a template command with this information. I just want to check for specific IDs and Providers.
Can someone help me or give me an example so that I have a starting point?

nscp is the way to go for this. I don’t think there is a premade one for the eventlog check. But you can probably write your own by copying from the existing definitions from command-nscp-local.conf (/share/icinga2/include)

About your second question. Yes, that is very much possible with some icinga config tricks but you first need a working check.

Something like this should work with the default nscp ITL CheckCommand. The further commands inside the ITL always use this as a basis. I haven’t tested it though, just copied some sample calls from a Google search.

apply Service "eventlog" {
  check_command = "nscp-local"

  command_endpoint = host.vars.client_endpoint

  vars.nscp_modules = [ "CheckEventLog" ] //explicitly load this module, afaik this is not enabled by default
  vars.nscp_query = "check_eventlog"

  vars.nscp_arguments = [ "file=Application", "MaxWarn=1", "MaxCrit=2", "filter=id=36887", "scan-range=-7d", "unique", "syntax=ID: %id%, Source: %source%, File: %file%" ]

  assign where host.vars.os == "Windows" && host.vars.client_endpoint
}

The specific arguments and syntax need to be determined from the NSClient++ docs.

Cheers,
Michael

Hi,

Thanks for answering. Meanwhile I came up with another solution which is even a bit more flexible, I think.
You can find a German description here: https://administrator.de/content/detail.php?id=468894&token=691#comment-1377367

This allows checking anything which can be done by PowerShell, without the need for nscp.

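Added example, not part of any post in this thread and not the script from the linked description: a PowerShell check for the three-event case from the first post, where the newest matching event decides the state (power lost = WARNING, power restored = OK, shutdown = CRITICAL). The provider name, the event IDs and the parameter names are placeholders; take the real values from the UPS driver's entries in Event Viewer.

```powershell
# Added example: Icinga/Nagios-style check driven by the newest of three events.
# Provider name and event IDs are placeholders (assumptions), not values from
# the thread.
param(
    [string]$LogName         = 'System',
    [string]$ProviderName    = 'EXAMPLE-UPS-PROVIDER',  # placeholder
    [int]   $PowerLostId     = 1001,                    # placeholder
    [int]   $PowerRestoredId = 1002,                    # placeholder
    [int]   $ShutdownId      = 1003,                    # placeholder
    [int]   $LookbackHours   = 24
)

$filter = @{
    LogName      = $LogName
    ProviderName = $ProviderName
    Id           = $PowerLostId, $PowerRestoredId, $ShutdownId
    StartTime    = (Get-Date).AddHours(-$LookbackHours)
}

try {
    # Get-WinEvent returns newest first, so one event is enough to decide.
    $latest = Get-WinEvent -FilterHashtable $filter -MaxEvents 1 -ErrorAction Stop
}
catch {
    if ($_.FullyQualifiedErrorId -like 'NoMatchingEventsFound*') {
        Write-Output "OK - no power events from $ProviderName in the last $LookbackHours h"
        exit 0
    }
    # Unreadable log or access denied: report UNKNOWN rather than a false OK.
    Write-Output "UNKNOWN - event log query failed: $($_.Exception.Message)"
    exit 3
}

$when = $latest.TimeCreated.ToString('yyyy-MM-dd HH:mm:ss')
switch ($latest.Id) {
    $ShutdownId      { Write-Output "CRITICAL - shutdown event $($latest.Id) at $when"; exit 2 }
    $PowerLostId     { Write-Output "WARNING - main power lost (event $($latest.Id)) at $when"; exit 1 }
    $PowerRestoredId { Write-Output "OK - main power restored (event $($latest.Id)) at $when"; exit 0 }
}
```

Start it with `powershell.exe -File` so the exit code reaches Icinga. Restricting the service's Notification object to `states = [ Critical ]` sends a message only for the shutdown event.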

Hi Michael,

We are getting the below error in Icinga for this ‘eventlog’ service.

execvpe(.\nscp.exe) failed: No such file or directory

Please let me know any modification needed or any package installation needed for this.

Regards,
AviKarry

See here for troubleshooting this error.

Thanks for the update.

Where do I need to correct NscpPath?

I am using NSCP(Nsclient) setup at client side instead of Icinga-client.

I think your checks are executed on the master, and not the agent. Likely you are missing the command_endpoint configuration steps for executing the check on the agent itself.