I have been using Icinga for our infrastructure monitoring. I am using active checks for about 300 services and I am interested in setting up passive checks now as I would like to get all the critical events from the Event Viewer on a Windows machine and display them in Icinga. I have installed NSCA server and I have configured the nsclient.ini file with the appropriate schedules. However, I never receive any results from the passive checks. The only times when I receive output is when the freshness threshold is reached and Icinga actively pulls the result from the remote computer. I am obviously missing something here so any suggestions would be much appreciated.
Asked
Active
Viewed 1,220 times
2 Answers
0
Why do you want to use passive checks from Windows machines instead of active checks? You can query the eventlog with powershell and send it to icinga2 without problems...
Something like:
- service defined as template:
apply Service for ( eventname => eventlog in host.vars.eventlog) { import "generic-service" check_command = "nsclient_windows" vars.nrpe_command = "check_eventlog" vars.nrpe_arguments = [ eventlog["eventid"], eventlog["msg"] ] import "service-instructions" assign where host.vars.hasEventLog == true }
- checkcommand defined as template:
object CheckCommand "nsclient_windows" { import "plugin-check-command" command = [ PluginDir + "/check_nrpe" ] arguments = { "-H" = "$nrpe_address$" "-p" = "$nrpe_port$" "-c" = "$nrpe_command$" "-n" = { }
- host.conf
vars.hasEventLog = true vars.eventlog ["EventLog_XXX"] = { eventid="XXX", msg="Added_user_to_local_group"}
Hope it helps!
Alba
- 1
0
Icinga has their own windows client. You can install that in your windows machine and try passive. Check this link if it helps
Santhosh R
- 1
- 1