Time for yet another tutorial, this time detailing how to monitor log files, both the event log and regular text files. The event log parts build a bit on the earlier posts on monitoring the event log, but since the “event log cache” feature has been replaced by the generic SimpleCache in 0.4.1, and 0.4.1 also introduces a new SimpleFileWriter module, I felt it was time to revisit this topic.
Take your monitoring to the next level by creating self-resetting event log checks. Faults are not the only thing that can be harvested from the Windows event log: many applications also report a message when the state returns to normal. This tutorial shows you how to configure NSClient++ 0.4.1 to set up auto-resetting event log checks. In addition to using passive checks via NSCA, I will also demonstrate how to use the Cache module to benefit from real-time event log checks via NRPE.
Monitoring the event log can quickly become a strain on both the computer and the administrator as the event log grows and grows. To make this simpler for both, NSClient++ 0.4.0 introduced real-time event log monitoring. This means we no longer scan the event log; instead we simply scan events as they come in. The benefit, in addition to lowering the resources required, is that we also get notified instantly when an error occurs instead of every 5 minutes or however often we check the log. Another addition is a simple client to generate event log messages to help administrators debug event log filters. This is a quick introduction to event log monitoring and real-time event log monitoring, showing how to set up real-time event log monitoring for both active and passive use via NSCA and NRPE.