I have a Windows 2K3 system installed working fine except for the System Event Log that isn't checked by Nc_Net (v.5)
In my passive.cfg I have
*11 EventLog -l any,Error,10,0,0,0*
If I insert an entry in the Application Log, this is trapped by Nc_Net and sent to my Nagios server; if the same entry is present in the System Log, it isn't.
What's wrong?
Thank you
The check_nt version I hope is not .5 but one of the newer versions, 4.X or 5.X. All versions after 3.0 have EVENTLOGNEW, which uses a different syntax than the original EventLog, where each delimited item supports a list of items; see check_nc_net -help=EVENTLOG_NEW.
It also uses a different algorithm for testing the log that greatly speeds it up and increases reliability. The main problem in the old version was that it was reading the event log files from the head. This on rare occasions caused a loss of capturing the new events if the number of events in the event log changed while it was reading through them.
EventLogNew should be faster and more accurate. Also make sure your check interval in Nagios is less than your EventLog time of 10 min. This sometimes could cause Nagios to miss an event.
Another issue that may be happening is that if NC_NET is not given permission to the event log, then it would not check that log. Some admins lock down nc_net by running it under different accounts. This makes it easy for resources to be unavailable to nc_net.
Tony
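An added check for the permission cause Tony describes (example script, not from this thread or from NC_NET itself). It assumes the agent is registered as a service named 'NC_NET' (a placeholder; use the name shown in services.msc) and is meant to be run on the Windows host under the same account the service uses, for instance via runas, so that it reads the logs with the agent's own rights:

```powershell
# Added check, not part of the original thread. The service name is an
# assumption; adjust it to match the entry in services.msc on the host.
$serviceName = 'NC_NET'

# 1. Which account does the agent run under? A locked-down service account is
#    the usual reason one log is readable and another silently is not.
$svc = Get-WmiObject -Class Win32_Service -Filter "Name='$serviceName'"
if ($null -eq $svc) {
    Write-Warning "Service '$serviceName' not found; check the service name."
} else {
    Write-Host ("{0} runs as: {1} (state: {2})" -f $svc.Name, $svc.StartName, $svc.State)
}

# 2. Try to read the newest Error entry from each log the question compares.
#    Run this under the service account to see exactly what NC_NET can see.
$results = @{}
foreach ($log in 'Application', 'System') {
    try {
        $latest = Get-EventLog -LogName $log -EntryType Error -Newest 1 -ErrorAction Stop
        if ($latest) {
            $results[$log] = "readable, newest Error at $($latest.TimeGenerated)"
        } else {
            $results[$log] = 'readable, no Error entries'
        }
    } catch {
        # Access denied here means the agent would skip this log without warning.
        $results[$log] = "NOT readable: $($_.Exception.Message)"
    }
}

# Summary: a log that is readable here but never reported by NC_NET points
# at the configuration or check interval rather than at permissions.
$results.GetEnumerator() | Sort-Object Name | ForEach-Object {
    "{0,-12} {1}" -f $_.Name, $_.Value
}
```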