[Solved] Monitoring Event log errors

[Fabian79]

Hi,

I'm just playing around with the VMare image of pandora.

I want to monitor if there is a error in one of the windows Event log. So not the message but only a "1" if there's a error and "0" if not. I tried the following code.

module_begin
module_name log_events
module_type generic_data
module_description System errors
module_logevent
module_eventtype error
module_end

But there's no output.

Could someone give me a hint?

Thanx,

Fabian
The Netherlands

[chejov suzdal voshkov]

http://openideas.info/wiki/index.php?title=Pandora_2.0:Documentation_es:Install_Agent#module_logevent
only works with module_type generic_data_string

but try to change to module_type generic_proc

[Manuel Arostegui]

No, you gotta use generic_data_string
generic_proc won't do what you want cause the logevent module just copy all the output you'd find in the Event Log, so there's no way to define 0/1 in this module.
What you can do is parse the Event Log, then do a wc -l and if it's 0 it's 0 and if it's 1 it's 1, after doing that you could use a generic_proc module.

[JeeSee]

Having the same problems here.
The manual of Pandora says you can Monitor Eventlog Errors bij using module_eventtype error, but when I use that, there is no output.
Without this line, the output in Pandora shows all Eventlog triggers, but I only want to monitor Eventlog Errors and Warnings. Is that possible?

[Sancho Lerena]

You're missing some need config tokens, like the "source" of the log.

Your module could be something like:

module_begin
module_name log_events
correct type -> module_type async_string
module_description System errors
missing -> module_source System,
module_logevent
module_eventtype error
module_end

In the other way, module_type for a eventlog only could be "string" data type, could be generic_data_string if you plan to have always data there (not very probable) or async_string if you want to get "ocassional" data there.

Take a look on documentation, I think is pretty good, but if you don't understand something, just give us a clue on how we can improve it !
http://openideas.info/wiki/index.php?title=Pandora_3.0:Documentation_en:Configuration#module_logevent

Once you get the data, you can assign to that module an alert, just so simple as define an alert template who trigger when data will be different from "" (!= ""), this will trigger any value collected by pandora in that module.

Having the same problems here.
The manual of Pandora says you can Monitor Eventlog Errors bij using module_eventtype error, but when I use that, there is no output.
Without this line, the output in Pandora shows all Eventlog triggers, but I only want to monitor Eventlog Errors and Warnings. Is that possible?

[JeeSee]

I got it working right now. I'm using the async method, including eventtype and only when there's an error or warning it is send to Pandora Webconsole!

[JeeSee]

Not really solved..
Eventlog Monitoring shows Last Contact time of multiple hours.. In the eventlog of the Windows Agent were new events occured, but they are not shown in the monitoring (see picture).
How can this be resolved?

[Sancho Lerena]

Fixed in my last commit of today... all isues related for async modules are now fixed !.