Nagios_WSC & NTEvent Command


#1

Due to limitations of the network topology that we have to monitor, I have to use the Nagios_WSC plugin. On the whole it works fine; however, I also need to monitor Backup Exec events (57755 and 34112) for completed jobs. When I set up the NTEvent command, or indeed the NTEvents command, they search the entire event log, the application log in my case. All I want them to do is to search the last 24 hours, for example. As it is not doing this, I am receiving false positives.

Please can someone tell me if this is possible, if so how?

Thank you in advance.


#2

Can’t help directly but if all else fails you could rotate your logs every 24 hrs…


#3

I have thought of that already but was trying to avoid it, as I will have to do this on many sites and if it fails on one site then I would still receive a false positive.

Thanks for your feedback. I will keep digging and if I get an answer to my own question I will post the answer, but if anyone else can help please do so; it will be appreciated.


#4

For those of you interested in this post I have got a bit further regarding manually clearing down the event logs via a script but am yet to try it. There is a command ‘wevtutil’ that can be used as a script and therefore automate the clearing down of the logs. The command options that I am currently looking at are:

wevtutil cl /bu:

The cl will clear the logs and the /bu: is the backup location. I hope this helps out some of you as well. If I learn anything else to improve on this I will be sure to post it for you.

For more information you could check out this article: technet.microsoft.com/en-us/libr … 2318(WS.10.aspx
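
An alternative to clearing the log, as an added example that is not part of the original thread: the query itself can be limited to a look-back window, which keeps the event history intact for later investigation. The script below is a stand-alone PowerShell check using Get-WinEvent and the standard Nagios plugin exit codes. How it would be called from Nagios_WSC is not covered here, and treating "at least one matching event in the window" as OK is an assumption about what the check should report.

```powershell
# Added example, not from the thread. Nagios-style check: was one of the
# Backup Exec events named in the thread logged within the look-back window?
param(
    [int[]]$EventId  = @(57755, 34112),   # event IDs named in the thread
    [string]$LogName = 'Application',     # log named in the thread
    [int]$Hours      = 24                 # look-back window
)

# Standard Nagios plugin exit codes
$OK = 0; $CRITICAL = 2; $UNKNOWN = 3

$filter = @{
    LogName   = $LogName
    Id        = $EventId
    StartTime = (Get-Date).AddHours(-$Hours)
}

try {
    # The filter is applied by the event log query, so entries older than
    # the window are never returned and cannot cause a stale match.
    $events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction Stop)
}
catch {
    if ($_.FullyQualifiedErrorId -like 'NoMatchingEventsFound*') {
        # Get-WinEvent raises an error instead of returning an empty set.
        # Assumption: no matching event in the window means the check fails.
        Write-Output "CRITICAL: no event $($EventId -join '/') in $LogName in the last $Hours h"
        exit $CRITICAL
    }
    # Anything else (access denied, log missing) is not a backup result.
    Write-Output "UNKNOWN: cannot query $LogName log: $($_.Exception.Message)"
    exit $UNKNOWN
}

$latest = $events | Sort-Object TimeCreated -Descending | Select-Object -First 1
Write-Output ("OK: {0} matching event(s), latest ID {1} at {2:yyyy-MM-dd HH:mm}" -f `
    $events.Count, $latest.Id, $latest.TimeCreated)
exit $OK
```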