Welcome to Pandora FMS Community!

Find answers, ask questions, and connect with our community around the world.

Welcome to Pandora FMS Community Forums Community support [Solved] Monitoring Event log errors

  • Community support

    [Solved] Monitoring Event log errors

    Posted by Fabian79 on July 14, 2009 at 07:36

    Hi,

    I’m just playing around with the VMare image of pandora.

    I want to monitor if there is a error in one of the windows Event log. So not the message but only a “1” if there’s a error and “0” if not. I tried the following code.

    module_begin
    module_name log_events
    module_type generic_data
    module_description System errors
    module_logevent
    module_eventtype error
    module_end

    But there’s no output.

    Could someone give me a hint?

    Thanx,

    Fabian
    The Netherlands

    Sancho replied 15 years, 3 months ago 5 Members · 7 Replies
  • 7 Replies

  • suzdal

    Member
    July 15, 2009 at 09:25
    1 Karma
    Community rank: tentacle-noob-1 Tentacle noob
    Like it
    Up
    0
    Down
    Drop it
    ::

    http://openideas.info/wiki/index.php?title=Pandora_2.0:Documentation_es:Install_Agent#module_logevent
    only works with module_type generic_data_string

    but try to change to module_type generic_proc

  • manu

    Member
    July 18, 2009 at 03:31
    0 Karma points
    Community rank: tentacle-noob-1 Tentacle noob
    Like it
    Up
    0
    Down
    Drop it
    ::

    No, you gotta use generic_data_string
    generic_proc won’t do what you want cause the logevent module just copy all the output you’d find in the Event Log, so there’s no way to define 0/1 in this module.
    What you can do is parse the Event Log, then do a wc -l and if it’s 0 it’s 0 and if it’s 1 it’s 1, after doing that you could use a generic_proc module.

  • JeeSee

    Member
    November 11, 2009 at 16:08
    0 Karma points
    Community rank: tentacle-noob-1 Tentacle noob
    Like it
    Up
    0
    Down
    Drop it
    ::

    Having the same problems here.
    The manual of Pandora says you can Monitor Eventlog Errors bij using module_eventtype error, but when I use that, there is no output.
    Without this line, the output in Pandora shows all Eventlog triggers, but I only want to monitor Eventlog Errors and Warnings. Is that possible?

  • Sancho

    Administrator
    November 17, 2009 at 01:06
    2321 Karma points
    Community awards: bulb Bright ideas
    Community rank: tentacle_master_icon Tentacle Master
    Like it
    Up
    0
    Down
    Drop it
    ::

    You’re missing some need config tokens, like the “source” of the log.

    Your module could be something like:

    module_begin
    module_name log_events
    correct type -> module_type async_string
    module_description System errors
    missing -> module_source System,
    module_logevent
    module_eventtype error
    module_end

    In the other way, module_type for a eventlog only could be “string” data type, could be generic_data_string if you plan to have always data there (not very probable) or async_string if you want to get “ocassional” data there.

    Take a look on documentation, I think is pretty good, but if you don’t understand something, just give us a clue on how we can improve it !
    http://openideas.info/wiki/index.php?title=Pandora_3.0:Documentation_en:Configuration#module_logevent

    Once you get the data, you can assign to that module an alert, just so simple as define an alert template who trigger when data will be different from “” (!= “”), this will trigger any value collected by pandora in that module.

    Having the same problems here.
    The manual of Pandora says you can Monitor Eventlog Errors bij using module_eventtype error, but when I use that, there is no output.
    Without this line, the output in Pandora shows all Eventlog triggers, but I only want to monitor Eventlog Errors and Warnings. Is that possible?

  • JeeSee

    Member
    November 18, 2009 at 13:05
    0 Karma points
    Community rank: tentacle-noob-1 Tentacle noob
    Like it
    Up
    0
    Down
    Drop it
    ::

    I got it working right now. I’m using the async method, including eventtype and only when there’s an error or warning it is send to Pandora Webconsole!

  • JeeSee

    Member
    November 19, 2009 at 15:21
    0 Karma points
    Community rank: tentacle-noob-1 Tentacle noob
    Like it
    Up
    0
    Down
    Drop it
    ::

    Not really solved..
    Eventlog Monitoring shows Last Contact time of multiple hours.. In the eventlog of the Windows Agent were new events occured, but they are not shown in the monitoring (see picture).
    How can this be resolved?

  • Sancho

    Administrator
    December 2, 2009 at 02:54
    2321 Karma points
    Community awards: bulb Bright ideas
    Community rank: tentacle_master_icon Tentacle Master
    Like it
    Up
    0
    Down
    Drop it
    ::

    Fixed in my last commit of today… all isues related for async modules are now fixed !.

Start of Discussion
0 of 0 replies June 2018
Now

Report

Harassment or bullying behavior
Contains mature or sensitive content
Contains misleading or false information
Contains abusive or derogatory content
Contains spam, fake content or potential malware

Block Member?

Please confirm you want to block this member.

You will no longer be able to:

  • See blocked member's posts
  • Mention this member in posts
  • Invite this member to groups
  • Message this member
  • Add this member as a connection

Please note: This action will also remove this member from your connections and send a report to the site admin. Please allow a few minutes for this process to complete.

Report

You have already reported this .