Nagios_WSC & NTEvent Command

Due to limitations of the network topology that we have to monitor I have to use the Nagios_WSC pluggin. On the whole it works fine, however I also need to monitor Backup Exec events (57755 and 34112) for completed jobs. When I set up the NTEvent command, or indeed the NTEvents command they search the entire event log, application log in my case. All I want them to do is to search the last 24 hours for example. As it is not doing this I am recieving false positives.

Please can someone tell me if this is possible, if so how?

Thank you in advance.

Can’t help directly but if all else fails you could rotate your logs every 24 hrs…

I have thought of that already but was trying to avoid it as I will have to do this on many sites and if it fails on one site then I would still recieve a false positive.

Thanks for your feedback, I will keep digging and if I get an answer to my own question I will post the answer, but if anyone else can help please do so it will be appreciated.

For those of you interested in this post I have got a bit further regarding manually clearing down the event logs via a script but am yet to try it. There is a command ‘wevtutil’ that can be used as a script and therefore automate the clearing down of the logs. The command options that I am currently looking at are:

wevtutil cl /bu:

The cl will clear the logs and the /bu: is the backup location. I hope this helps out some of you as well. If I learn anything else to improve on this I will be sure to post it for you.

For more information you could check out this article: technet.microsoft.com/en-us/libr … 2318(WS.10.aspx