Hello Guest

Author Topic: [Solved] Windows Eventlog Monitoring problem  (Read 1615 times)

0 Members and 1 Guest are viewing this topic.

Offline JeeSee

  • Full Member
  • ***
  • Posts: 29
  • Karma: 0
    • View Profile
    • Boeien ?!
[Solved] Windows Eventlog Monitoring problem
« on: November 12, 2009, 05:07:06 AM »
Pandora FMS version: 2.1 Windows Agent 2.1

In the Windows Agent pandora_agent.conf I've added the following lines to monitor the Windows System Eventlog and Application Eventlog for Error or Warnings:

Code: [Select]
#Windows System Eventlog Error Messages monitoring
module_begin
module_name log_system_err
module_type generic_data_string
module_description System errors
module_logevent
module_source System
module_eventtype error
module_end

#Windows System Eventlog Warning Messages monitoring
module_begin
module_name log_system_wrn
module_type generic_data_string
module_description System warnings
module_logevent
module_source System
module_eventtype warning
module_end

#Windows Application Eventlog Error Messages monitoring
module_begin
module_name log_app_err
module_type generic_data_string
module_description Application errors
module_logevent
module_source Application
module_eventtype error
module_end

#Windows Application Eventlog Warning Messages monitoring
module_begin
module_name log_app_wrn
module_type generic_data_string
module_description Application warnings
module_logevent
module_source Application
module_eventtype warning
module_end

After that I restarted the Pandora Agent service and deleted the Agent in the Pandora FMS Webconsole. After a little time the Agent is found by Pandora FMS Webconsole, including some modules I configured in the pandora_agent.conf file, but the logevent modules aren't shown. When I send a testevent to the machine, to log an ERROR-event, it is shown in the application Eventlog on the Windows system, but not in Pandora FMS Console.
What's wrong with the above configuration?
We only need to monitor Errors/Warning from the Eventlogs from our Windows Agents.

Any help would be welcome
« Last Edit: November 17, 2009, 06:27:50 AM by raul »

Offline JeeSee

  • Full Member
  • ***
  • Posts: 29
  • Karma: 0
    • View Profile
    • Boeien ?!
[SOLVED] Windows Eventlog Monitoring problem
« Reply #1 on: November 17, 2009, 05:59:01 AM »
Eventlog module is initialized after an Event occurs. When there are no events, the module stays uninitialized till there's an Event.

Offline Sancho Lerena

  • Administrator
  • Expert member
  • *****
  • Posts: 1281
  • Karma: 28
  • I can see everything... with my glasses :-)
    • View Profile
    • Pandora FMS
Re: [SOLVED] Windows Eventlog Monitoring problem
« Reply #2 on: November 22, 2009, 12:25:44 PM »
Eventlog module is initialized after an Event occurs. When there are no events, the module stays uninitialized till there's an Event.

Exactly, that's the standard behaviour.
-- See you in the other screen.

Offline atheo

  • Newbie
  • *
  • Posts: 3
  • Karma: 0
    • View Profile
Re: [Solved] Windows Eventlog Monitoring problem
« Reply #3 on: November 15, 2011, 06:17:37 AM »
I add the same code as below and only application is working .. the system is not initialized module:

#Windows System Eventlog Error Messages monitoring
module_begin
module_name log_system_err
module_type generic_data_string
module_description System errors
module_logevent
module_source System
module_eventtype error
module_end

#Windows System Eventlog Warning Messages monitoring
module_begin
module_name log_system_wrn
module_type generic_data_string
module_description System warnings
module_logevent
module_source System
module_eventtype warning
module_end

#Windows Application Eventlog Error Messages monitoring
module_begin
module_name log_app_err
module_type generic_data_string
module_description Application errors
module_logevent
module_source Application
module_eventtype error
module_end

#Windows Application Eventlog Warning Messages monitoring
module_begin
module_name log_app_wrn
module_type generic_data_string
module_description Application warnings
module_logevent
module_source Application
module_eventtype warning
module_end

Offline atheo

  • Newbie
  • *
  • Posts: 3
  • Karma: 0
    • View Profile
Re: [Solved] Windows Eventlog Monitoring problem
« Reply #4 on: November 16, 2011, 06:28:58 AM »
Btw did you ever tried to receive alerts ie email for this modules ?