
Nagios Eventlog Agent for Windows

Primary language: C++. License: GNU General Public License v2.0 (GPL-2.0).

History
-------

This is built on the NTSyslog code (GPL), with the send_nsca code (GPL) by Ethan Galstead added in.
I then added the filtering routines and modified send_nsca so that it works as a library and also compiles under Windows.


Installing
----------

Set up the service:

    nagevlog.exe -install

Configure and start the service:

    nagevlogctl.exe

Filters
-------

The system will never forward event log entries generated by itself (for obvious reasons).
Only the first filter to match is used.
Each filter should specify a Nagios service description and a status level.
You obviously need to have the NSCA service installed on your Nagios server!
Don't forget to make sure the encryption type and password configured on the agent match those of the NSCA server.
You can set up a second Nagios NSCA server if you have a redundant configuration.
The logging options allow you to generate EventLog entries for the various agent actions.

The agent will initiate a separate connection to NSCA for each log to be forwarded.
This can be a bit heavy if you configure to forward too many logs!  Try to be selective.

The Event ID filter is a comma-separated list of event IDs.

The Match String is NOT a regexp.  If this string occurs ANYWHERE in the message, it counts as a match.  It is case sensitive.

For all other string matches, case is sensitive and trailing spaces count.  You should probably switch on the 'log NSCA messages' option at first to check your filter config.
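The filter rules above are easy to get subtly wrong (a stray trailing space in a source name, or a Match String in the wrong case, silently stops a filter from firing). The following is an added example, not code from nagevlog, that models those rules in Python so a filter set can be checked against sample events offline before forwarding is switched on. The Event and Filter field names, the route_event/route_all functions and the sample data are all assumptions constructed for the illustration.

```python
"""Added example, not part of nagevlog: a small model of the filter rules
described in this README (first match wins, comma-separated Event IDs,
plain case-sensitive substring Match String, exact string compares where
trailing spaces count, and the agent never forwarding its own entries).
Field and function names are assumptions, not the agent's own."""
from dataclasses import dataclass


@dataclass
class Event:
    """Constructed event log record (hypothetical shape, not the agent's)."""
    source: str      # event log source name
    event_id: int
    message: str


@dataclass
class Filter:
    """One filter as the README describes it (hypothetical shape)."""
    service_description: str   # Nagios service the result is reported under
    status: int                # 0 OK, 1 WARNING, 2 CRITICAL, 3 UNKNOWN
    event_ids: str = ""        # comma-separated list; empty means any ID
    source: str = ""           # exact compare: case-sensitive, trailing spaces count
    match_string: str = ""     # plain substring, case-sensitive, NOT a regexp


# Constructed name for the agent's own source; its entries are never forwarded.
AGENT_SOURCE = "nagevlog"


def parse_event_ids(spec):
    """'6008, 41,1074' -> {6008, 41, 1074}; an empty spec means any ID (None)."""
    ids = {int(tok) for tok in spec.split(",") if tok.strip()}
    return ids or None


def filter_matches(flt, ev):
    """True if every populated field of the filter accepts the event."""
    ids = parse_event_ids(flt.event_ids)
    if ids is not None and ev.event_id not in ids:
        return False
    # Exact comparison: no trimming, no case folding.
    if flt.source and flt.source != ev.source:
        return False
    # Substring test anywhere in the message, case-sensitive.
    if flt.match_string and flt.match_string not in ev.message:
        return False
    return True


def route_event(filters, ev):
    """Return (service_description, status, message) from the FIRST matching
    filter, or None if the event should not be forwarded to NSCA."""
    if ev.source == AGENT_SOURCE:
        return None
    for flt in filters:
        if filter_matches(flt, ev):
            return (flt.service_description, flt.status, ev.message)
    return None


# Constructed filter set: deliberately selective, so a quiet box forwards nothing.
FILTERS = [
    Filter("Event Log", 2, event_ids="6008,41", source="EventLog"),
    Filter("Event Log", 1, match_string="failed"),
]

# Constructed sample events exercising each rule.
SAMPLE_EVENTS = [
    Event("EventLog", 6008, "The previous system shutdown was unexpected."),
    Event("EventLog", 41, "Rebooted without a clean shutdown; last write failed."),
    Event("Service Control Manager", 7000, "The Foo service failed to start."),
    Event("Service Control Manager", 7000, "The Foo service FAILED to start."),
    Event("EventLog ", 41, "Source name has a trailing space."),
    Event(AGENT_SOURCE, 100, "Agent's own logging entry."),
]


def route_all(filters=FILTERS, events=SAMPLE_EVENTS):
    """Route every sample event; None entries are events that stay local."""
    return [route_event(filters, ev) for ev in events]


if __name__ == "__main__":
    for ev, result in zip(SAMPLE_EVENTS, route_all()):
        print(f"{ev.source!r:28} {ev.event_id:5}  -> {result}")
```

Running it shows the second sample event (ID 41 from source EventLog, message containing "failed") reported as CRITICAL by the first filter rather than WARNING by the second, the "FAILED" variant and the source with a trailing space matching nothing, and the agent's own entry dropped before any filter is consulted.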


Nagios Config
-------------

Suggested Nagios services.cfg setup:

define service {
        service_description         Event Log
        host_name                   %SHNAME%
        active_checks_enabled       1
        check_period                none
        passive_checks_enabled      1
        flap_detection_enabled      0
        notification_period         24x7
        max_check_attempts          1
        normal_check_interval       5
        notification_options        w,c,r
        check_freshness             1
        # 1800 sec = 30 min
        freshness_threshold         1800
        check_command               ok!No alerts in last 30 min
}