How to monitor Windows logs with WMI.

 

The script:

First you will need to download my script and copy it onto your Windows box.

Download it from here: http://mihai.radoveanu.ro/my-plugins/check_windows_logs_via_wmi

 

The configuration:

At this point I assume that you already use some kind of agent to monitor your Windows servers. Here I'm going to give two examples: NRPE_NT and NSClient++. You can use any other agent as long as it passes all the parameters the script needs (see the script help).

 

  • Configuration of NRPE_NT:

 

Ensure that you allow arguments on your installation:

# COMMAND ARGUMENT PROCESSING

# Values: 0=do not allow arguments, 1=allow command arguments

dont_blame_nrpe=1

 

And insert these commands:

command[check_windows_logs_remote_wmi]=cscript.exe //T:120 //NoLogo c:\<path-to-your-script>\check_windows_logs.vbs -h "$ARG1$" -l "$ARG2$" -ex "$ARG3$"

command[check_windows_logs_local_wmi]=cscript.exe //T:120 //NoLogo c:\<path-to-your-script>\check_windows_logs.vbs -h "." -l "$ARG1$" -ex "$ARG2$"

 

  • Configuration of NSClient++:

First ensure that you allow arguments:

[External Script]

allow_arguments=1

 

And define the scripts in the [External Scripts] section:

check_windows_logs_remote_wmi=cscript.exe //T:30 //NoLogo c:\<path-to-your-script>\check_windows_logs.vbs -h "$ARG1$" -l "$ARG2$" -ex "$ARG3$"

check_windows_logs_local_wmi=cscript.exe //T:30 //NoLogo c:\<path-to-your-script>\check_windows_logs.vbs -h "." -l "$ARG1$" -ex "$ARG2$"

 

If you don't need to monitor other hosts from one machine, I recommend setting dont_blame_nrpe and allow_arguments back to 0 and configuring each machine locally (that means hard-coding the log name and the exception list in the command definition in the agent's configuration file instead of using the $ARGx$ placeholders). Keep in mind that once argument passing is enabled, anything that can reach the agent port gets to choose what the script is called with, including the host it connects to over WMI; so at the very least restrict allowed_hosts in the agent configuration to your Nagios server, and leave NSClient++'s allow_nasty_meta_chars at 0. It goes without saying that the account running the agent (and therefore the script) needs administrator rights on the machine whose logs are being read.
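To make clear what the agent is actually running, here is an added PowerShell check that does the same job as the VBScript above (it is an example written for this page, not the author's check_windows_logs.vbs): it takes the same three inputs (host, log name, exception list), reads the log over WMI through Win32_NTLogEvent, drops the excepted event IDs and exits with Nagios return codes. The parameter names, the 24-hour lookback window, the output text and the treatment of the exception list as a comma-separated list of event IDs are assumptions of this example; the argument validation at the top is there because, with argument passing enabled, both values arrive over the network and end up inside a WQL filter.

```powershell
<#
  Added example, not the author's check_windows_logs.vbs.
  Same inputs as the page's script (-h / -l / -ex), queried over WMI, Nagios exit codes.
  Parameter names, the lookback window and the output format are assumptions.
  Get-WmiObject exists in Windows PowerShell (5.1); on PowerShell 7 use Get-CimInstance.
#>
param(
    [string]$ComputerName = ".",           # like -h; "." means the local machine
    [string]$LogFile      = "Application", # like -l
    [string]$Exceptions   = "",            # like -ex; comma-separated event IDs to ignore, e.g. "20,30"
    [int]$Hours           = 24             # assumed lookback, matching a once-a-day check
)

# Nagios plugin return codes
$OK = 0; $WARNING = 1; $CRITICAL = 2; $UNKNOWN = 3

function Exit-Nagios([int]$Code, [string]$Text) {
    Write-Output $Text
    exit $Code
}

# When the agent allows $ARG$ passing these values come from the network and are
# interpolated into a WQL filter and a WMI connection, so accept only a safe character set.
if ($ComputerName -notmatch '^[A-Za-z0-9._-]+$') {
    Exit-Nagios $UNKNOWN "UNKNOWN - refusing host name '$ComputerName'"
}
if ($LogFile -notmatch '^[A-Za-z0-9 _-]+$') {
    Exit-Nagios $UNKNOWN "UNKNOWN - refusing log name '$LogFile'"
}

# Exception list -> set of event IDs; blanks and non-numeric entries are ignored
$ignore = @{}
foreach ($item in ($Exceptions -split ',')) {
    $t = $item.Trim()
    if ($t -match '^\d+$') { $ignore[[int]$t] = $true }
}

# WQL compares TimeWritten against DMTF datetime strings (yyyyMMddHHmmss.ffffff+zzz)
$since  = [System.Management.ManagementDateTimeConverter]::ToDmtfDateTime((Get-Date).AddHours(-$Hours))
# EventType 1 = Error, 2 = Warning in Win32_NTLogEvent
$filter = "Logfile='$LogFile' AND (EventType=1 OR EventType=2) AND TimeWritten>='$since'"

try {
    $events = @(Get-WmiObject -Class Win32_NTLogEvent -ComputerName $ComputerName -Filter $filter -ErrorAction Stop)
} catch {
    Exit-Nagios $UNKNOWN ("UNKNOWN - WMI query on {0} failed: {1}" -f $ComputerName, $_.Exception.Message)
}

# Drop events whose EventCode is on the exception list, then split by severity
$kept     = @($events | Where-Object { -not $ignore.ContainsKey([int]$_.EventCode) })
$errors   = @($kept   | Where-Object { $_.EventType -eq 1 })
$warnings = @($kept   | Where-Object { $_.EventType -eq 2 })

# Name the most frequent remaining event so the status line is actionable
$detail = ""
if ($kept.Count -gt 0) {
    $top    = $kept | Group-Object EventCode | Sort-Object Count -Descending | Select-Object -First 1
    $detail = " (most frequent: EventCode {0}, {1} times)" -f $top.Name, $top.Count
}
$perf  = "|errors={0};;;0 warnings={1};;;0" -f $errors.Count, $warnings.Count
$scope = "{0} log on {1}, last {2}h" -f $LogFile, $ComputerName, $Hours

if ($errors.Count -gt 0) {
    Exit-Nagios $CRITICAL ("CRITICAL - {0} error(s), {1} warning(s) in {2}{3}{4}" -f $errors.Count, $warnings.Count, $scope, $detail, $perf)
} elseif ($warnings.Count -gt 0) {
    Exit-Nagios $WARNING ("WARNING - {0} warning(s) in {1}{2}{3}" -f $warnings.Count, $scope, $detail, $perf)
} else {
    Exit-Nagios $OK ("OK - no errors or warnings in {0}{1}" -f $scope, $perf)
}
```

Wired into an agent the same way as the VBScript, an NSClient++ external script line would look like `check_windows_logs_remote_wmi=powershell.exe -NoProfile -ExecutionPolicy Bypass -File c:\<path-to-your-script>\check_windows_logs.ps1 -ComputerName "$ARG1$" -LogFile "$ARG2$" -Exceptions "$ARG3$"` (the script name is an assumption). Because the script is started with -File, its `exit` code is what the agent reports back to check_nrpe.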

 

  • Nagios configuration

On the Nagios side you first need to define the commands (I'm assuming that you use NRPE as the transport). In the remote command, "nrpe" stands for the Windows host that runs the script and queries the other servers over WMI; replace it with that host's name. The local command uses $HOSTADDRESS$ instead, so each server's own agent reads its own logs:

 

define command {
    command_name    check_win_logs_local
    command_line    $USER1$/check_nrpe -t 240 -H $HOSTADDRESS$ -c check_windows_logs_local_wmi -a $ARG1$ $ARG2$
}

 

define command {

command_name         check_win_logs_remote

command_line       $USER1$/check_nrpe -t 240 -H nrpe -c check_windows_logs_remote_wmi -a $HOSTADDRESS$ $ARG1$ $ARG2$

}

 

Here $ARG1$ is the log's name and $ARG2$ the exception list (for example 20,30 as used below).

Now all you need to do is to add the service to your server(s):

 

define service {
    use                     generic-service
    name                    Local Check Application log
    service_description     Local Check Application log
    check_command           check_win_logs_local!Application!20,30
    check_period            24x7
    max_check_attempts      4
    normal_check_interval   1440 ; every 24h so we do not overload the box
    retry_check_interval    4
    host_name               WINDOWS_AD_SERVER
}

 

define service {
    use                     generic-service
    name                    Remote Check Application log
    service_description     Remote Check Application log
    check_command           check_win_logs_remote!Application!20,30
    check_period            24x7
    max_check_attempts      4
    normal_check_interval   1440
    retry_check_interval    4
    host_name               WINDOWS_AD_SERVER
}

 

That’s it.

 

Mihai out
