Sie sind hier

Parse Windows Log Files For Errors

4 posts / 0 new
Letzter Beitrag
dangibbons
Bild des Benutzers dangibbons
Parse Windows Log Files For Errors

Hi,

We're just taking OpsView for a spin and we really like it so far but I have a question regarding something we are stuck on:

We have a lot of Windows servers and one thing we must be able to do is monitor text based log files for error strings.  I can see there is a nagios check_logfiles plugin but I can't see how this will work with Windows.

Is parsing a log file in Windows even possible with OpsView?

Thanks

Dan

smarsh
Bild des Benutzers smarsh
Re: Parse Windows Log Files For Errors

Hi Dan,

I havent seen Windows log file monitoring with Opsview previously, however i have used check_logfiles before on Linux systems to check for a certain string and alert on that.

Have you tried using "check_nrpe -H localhost get_logfiles" etc? I.e. install NSClient on the Windows machine, then copy the check_logfiles to the local machine, define it in NSC.ini (i think) and then run "check_nrpe -H windowshost -c check_logfiles -a string-we-want" for example!

Cheers,

Sam

dangibbons
Bild des Benutzers dangibbons
Re: Parse Windows Log Files For Errors

Hi,

Thanks for the response, I've pretty much worked it out now and it's a combination of what you descibed configuring nsclient.ini.

What I discovered in the process is that I can write custom powershell scripts and hook them into nsclient which allows me to do lots of goodies from custom log parsing to checking IIS websites :-)

Actually I noticed that the OpsView Windows agent is really nsclient++ but it seems to be an older version.  I installed NSCP-0.4.1.101-x64.msi instead and everything seems to work still.

Thanks

Dan

 

smarsh
Bild des Benutzers smarsh
Re: Parse Windows Log Files For Errors

Hi Dan,

Thats great news! Yeah it is NS Client (a project we sponsor) essentially, i think that the main difference between the standard one and ours is a few tweaks in the .ini file around SSL on by default, etc however the "non-Opsview" NSClient works just as well.

That sounds really interesting RE: Powershell, i havent really played around with it much since its inception to honest but i can imagine it being quite powerful. If you dont mind, could you let us know what you've done so that we can potentially pass this into the development team for future releases potentially, or so that other Opsview users who find this post will have a better idea of how to do it etc?

Cheers,

Sam