Nagios XI Monitoring Windows Event Logs With NagEventLog

Purpose

This document describes how to monitor Windows event logs using Nagios XI and the NagEventLog addon.

Target Audience

This document is intended for use by Nagios XI Administrators.

Prerequisites

You must have completed the following steps before you can monitor Windows event logs using this documentation:

Configure NSCA on the Nagios XI Server

You must have configured the NSCA agent on your Nagios XI server in order to monitor Windows event logs with NagEventLog. Instructions for configuring NSCA can be found in a separate document titled Using NSCA With XI:

https://assets.nagios.com/downloads/nagiosxi/docs/using_nsca_with_xi.pdf

Overview

In order to monitor Windows event logs using Nagios XI and the NagEventLog agent, you must complete the following:

1. Install the NagEventLog agent on the Windows machine
2. Configure the NagEventLog agent and define event log filters/patterns to monitor
3. Run the Windows Event Log monitoring wizard in Nagios XI

The following pages will take you through each of these steps.

Note: If you are installing NagEventLog on 64-bit versions of Microsoft Windows, you will need to install the following first:

Microsoft Visual C++ 2005 Redistributable Package (x86)
https://www.microsoft.com/en-us/download/details.aspx?id=3387

Once this has been installed, proceed with the steps below.

Installing NagEventLog

In order to monitor Windows event logs with Nagios XI, you must install the NagEventLog agent on the Windows machine. You can get the latest version of NagEventLog from Steve Shipway's website (http://www.steveshipway.org/software/) or download a copy of the latest version (1.9.2 as of the time of writing) from:

http://assets.nagios.com/downloads/addons/nageventlog/nagevlog-setup-1.9.2.exe

Launch the NagEventLog installer on the Windows machine and click Next to get started.

Read the program and license information and click Next to continue.

When prompted for the installation directory, click Next to accept the default and continue.

When prompted for which components to install, click Next to accept the defaults and continue.

When prompted for the start menu folder name, click Next to accept the default and continue.

On the configuration screen, make sure you specify:

- The host name (as currently defined, or as you will define it in Nagios XI) for the Windows machine you are installing the agent on in the Host name for this computer field.
- The IP address of the Nagios XI server in the Nagios NSCA Server name field.
- The port that NSCA is running on (defaults to 5667) on the Nagios XI server in the Nagios NSCA Server port field.
- The password that you have configured NSCA to use on the Nagios XI server in the Nagios NSCA Server password field.

Click Next to continue.

On the next screen, optionally select the option to create a desktop icon for the NagEventLog agent (recommended). Click Next to continue.

Click Install to begin the installation.

Note: On 64-bit versions of Microsoft Windows, you will receive the following error four times. Simply click OK each time and the installation will complete. NagEventLog will work regardless of this error.

Click Next to continue once the installation is completed.

Note: You're not finished yet! You still need to configure the agent. Instructions for doing so are found on the following pages.

Make sure the Configure the EventLog monitor option is selected and click Finish.

The main configuration screen for the agent will appear. Click the NSCA Daemons button to finish configuration of the NSCA settings.

Note: On 64-bit versions of Microsoft Windows, you will see the error "Service is not installed or error encountered!" on the screen. You will need to close the Nagios EventLog Service Control Manager and reopen it with Administrator privileges. This can be done by right-clicking the Configure EventLog Agent icon and selecting Run as Administrator.

Continuing from the last step, click the NSCA Daemons button to finish configuration of the NSCA settings. The NSCA Server Settings screen will appear.

- The Primary NSCA Daemon field needs to be the address of your Nagios XI server.
- The Host Name in Nagios field is the host object that will be targeted in Nagios XI for the services that will be receiving the event logs.
- Make sure the encryption method you select in the Encryption option is the same one that the NSCA configuration on the Nagios XI server uses to decrypt data.

Important: If the NSCA password and/or encryption method do not match the settings used by the NSCA agent on the Nagios XI server, event log monitoring will not work!

Click OK to continue. Select Yes when prompted if you want to save the NSCA settings.
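The settings check behind the Important note above, as an added example that is not part of the original Nagios document or of NagEventLog: it parses the text of the server's nsca.cfg and reports a password or encryption-method mismatch, and also flags the two NSCA methods (0 = none, 1 = simple XOR) that give the traffic no real protection. The function names, finding labels and sample file are constructed here, and the agent's Encryption choice is assumed to be supplied as its NSCA numeric ID.

```python
# NSCA decryption_method IDs that give no real confidentiality.
WEAK_METHODS = {0: "none", 1: "simple XOR"}

# Constructed sample nsca.cfg content (not taken from a real server).
SAMPLE_CFG = """\
# NSCA daemon settings
server_port=5667
password=ExamplePassw0rd
decryption_method=1
"""

def parse_nsca_cfg(text):
    """Return key=value settings from nsca.cfg text, ignoring comments."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if sep:
            settings[key.strip()] = value.strip()
    return settings

def check_agent_settings(cfg_text, agent_method, agent_password):
    """List the problems that would break or weaken event log delivery.

    agent_method is the NSCA numeric ID of the method chosen in the agent's
    Encryption option (assumption: the operator translates the GUI choice).
    """
    cfg = parse_nsca_cfg(cfg_text)
    findings = []
    raw_method = cfg.get("decryption_method")
    if raw_method is None or not raw_method.isdigit():
        findings.append("server-method-unset")
    else:
        if int(raw_method) != agent_method:
            findings.append("method-mismatch")   # alerts will be dropped
        if int(raw_method) in WEAK_METHODS:
            findings.append("weak-method")       # works, but unprotected
    password = cfg.get("password", "")
    if not password:
        findings.append("empty-password")
    elif password != agent_password:
        findings.append("password-mismatch")     # alerts will be dropped
    return findings

if __name__ == "__main__":
    # Agent set to 3DES (ID 3) while the sample server still uses XOR (ID 1).
    print(check_agent_settings(SAMPLE_CFG, 3, "ExamplePassw0rd"))
```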

Important: If you changed NSCA settings, you will have to restart the NagiosEventLog service on the Windows machine. You can do this by using the Computer Management console, or by issuing the following commands from a command prompt:

    net stop NagiosEventLog
    net start NagiosEventLog

Configuring Event Log Monitoring

To configure how event logs are monitored, you define one or more filters in the Nagios Eventlog Control Manager.

How Filters Work

When an event log item matches a filter you defined, the NagEventLog agent will send an alert to the Nagios server using the NSCA protocol.

Default Filters

There are three default filters that get defined, one each for the System, Application, and Security event logs.

Prioritizing Matches

Filters are matched by priority in the order they are defined. You can change the priority of filters by using the Move up and Move down buttons.

Creating New Filters

To create a new filter, click the Create New button.

Editing Existing Filters

To edit an existing filter, select the filter from the drop-down list and click the Edit button.
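A model of filter priority, added here as an illustration and not taken from NagEventLog's code: it assumes the first matching filter in the list decides which Nagios XI service and status an event is reported to, that empty optional fields match anything, and that string matches are case-insensitive substrings. The service names and the sample event are constructed; the fields are the ones this guide lists under Defining Filter Settings.

```python
from dataclasses import dataclass, field

@dataclass
class Filter:
    log: str            # Windows Event Log the filter applies to
    event_types: set    # e.g. {"Error", "Audit Failure"}
    service: str        # service name as defined in Nagios XI
    status: str         # service status reported on a match
    event_ids: set = field(default_factory=set)  # optional
    sources: set = field(default_factory=set)    # optional
    text: str = ""                               # optional string match

    def matches(self, ev):
        return (ev["log"] == self.log
                and ev["type"] in self.event_types
                and (not self.event_ids or ev["id"] in self.event_ids)
                and (not self.sources or ev["source"] in self.sources)
                and self.text.lower() in ev["message"].lower())

def route(filters, ev):
    """Return (service, status) of the first matching filter, else None."""
    for f in filters:
        if f.matches(ev):
            return f.service, f.status
    return None

def shadowed(filters, ev):
    """Services of lower-priority filters that match ev but never fire."""
    return [f.service for f in filters if f.matches(ev)][1:]

# Constructed filters: a broad Security catch-all and a failed-logon filter.
CATCH_ALL = Filter("Security", {"Error", "Warning", "Audit Failure"},
                   "Security Log", "WARNING")
FAILED_LOGON = Filter("Security", {"Audit Failure"},
                      "Failed Logons", "CRITICAL", event_ids={4625})

# Constructed sample event (Windows failed-logon event, ID 4625).
EVENT = {"log": "Security", "type": "Audit Failure", "id": 4625,
         "source": "Microsoft-Windows-Security-Auditing",
         "message": "An account failed to log on."}

if __name__ == "__main__":
    print(route([CATCH_ALL, FAILED_LOGON], EVENT))     # catch-all wins
    print(shadowed([CATCH_ALL, FAILED_LOGON], EVENT))  # specific never fires
    print(route([FAILED_LOGON, CATCH_ALL], EVENT))     # after Move up
```

Under these assumptions a specific filter placed below a broad one is silently shadowed, so a failed-logon alert arrives as a generic WARNING until the filter is moved up.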

Defining Filter Settings

When defining or changing each filter's settings, you are able to specify:

1. What Windows Event Log the filter applies to
2. What type of events match the filter rules, including:
   a. Event type (Error, Warning, Audit Failure, etc.)
   b. Event IDs (optional)
   c. String matches (optional)
   d. Event sources (optional)
3. The service name (as defined in Nagios XI) that alerts for the filter will be associated with.
4. The service status (e.g. criticality) of a filter match.

Important: The service name you define in each filter must correspond to a service in Nagios XI. You will define the services using the Nagios XI wizard on the following pages of the documentation.

Using The Configuration Wizard

Once you have finished defining event log filters on the Windows machine, you need to run the Windows Event Log wizard in Nagios XI. Navigate via the top menu bar to Configure > Run a configuring wizard, and select the Windows Event Log wizard. In the following screenshot you can see how the search field allows you to quickly find a wizard.

On Step 1 you will be asked to supply the address of the machine running the NagEventLog client. This must match the Host Name you specified in the NSCA Server Settings screen of the NagEventLog agent. Click Next to progress to Step 2.

On Step 2 you need to make sure the Host Name field matches the NagEventLog setting Host Name in Nagios.

The Event Log Service Names you specify in the wizard must match the Service Names you specified when defining filters in the NagEventLog agent. The default entries you see in the wizard match the default settings in NagEventLog.

Click Next and then complete the wizard by choosing the required options in Step 3 through Step 5.

To finish up, click on Finish in the final step of the wizard. This will create the new hosts and services and begin monitoring.

Once the wizard applies the configuration, click the View status details for xxxxx link to see the new host and services that were created.

Note: A special EventLog Agent service is created to handle heartbeat information sent from the NagEventLog agent.

This screenshot gives an example of how things might look after event log alerts start to arrive from the NagEventLog agent.

Finishing Up

If you have any issues with monitoring event logs with your Nagios XI system, please post your questions on the Nagios Support Forums at the following URL:

https://support.nagios.com/