Felipe FerreiraNagios, plugins, VbScripts

This is a much usefull plugin that can verify the Windows Event Viewer via nagios remote check
I tested using the NC_NET on Windows 2003 and 2000. There is one tweek that needs to be done for
it to work under windows 2000.
After trying many of the available and complicated ways to do this, I decided to write my own
and share with everyone! 🙂
Important this script requires the Microsoft tool:
dumpel.exe
check_events.vbs
The syntax is simple:
From nagios do:
./check_nt -H server10 -t 50 -v RUNSCRIPT -l “cscript.exe //nologo C:PROGRA~1NC_Netscriptcheck_events.vbs -t System -e 4097 -s DrWatson
OK – No Error(s) found today, for eventID: 4097 , System
Here is the script.

'Get Event Viewer Filering by: event,source,id, USING: dumpel.exe
'Be able to get Multiple Evens from Multiple Servers(servers array ?) events in array (?)
'NOTES: dumpel.exe is much faster then WMI or LogParser API
'Author: Felipe Ferreira
'Adapted to Nagios
'1. Get all arguments from cmd
'2. Count output of each line of the dumplog
'3. Calculate the Warning / Critical / OK
'3. Output in the format:
'ex: Found XE event of the type XT and ID XI in the last XT minutes | EventsFound XE : Warn : Crit
Option Explicit
Dim t1 : t1 = Timer  'time the script
dim strScriptFile : strScriptFile = WScript.ScriptFullname
dim strScriptPath : strScriptPath = Left(strScriptFile, Len(strScriptFile) - Len(WScript.Scriptname))
Dim EventDumpPath : EventDumpPath = strScriptPath ' WHERE LOG FILE WILL STAY
Dim ofso : Set ofso = CreateObject("Scripting.FileSystemObject")
Dim blnErrorFound : blnErrorFound = false
Dim EventDumplog, strLine, strBody, Server, strLogFile
Dim intLineCnt
Dim eType,eType2,eSource,eError,eServer,eDays
Dim verbose
Dim argcountcommand
Dim arg(25)
'# EDIT HERE # EDIT HERE # EDIT HERE
verbose="0"
'eType="System"
'eSource="Srv"
'eError="2022"
eServer="localhost"
eDays="1"
GetArgs()
if(argcountcommand >= 4) then
	eType = GetOneArg("-t")	   'Type, Application,System,
	eError = GetOneArg("-e")   'ID
    eSource	= GetOneArg("-s")  'Source
else
	'call help()
	'wscript.quit(3)
end if
'# EDIT HERE # EDIT HERE # EDIT HERE #
'FUNCTION CALLS:    (eType,eSource,eError,eServer,eDays) Application, Id, Type
 call pt( "Checking: " & eServer & " Event Source: " & eSource & " EventID: " & eError & " " & eType)
 call Execute(eType,eSource,eError,eServer,eDays)
 call CheckifError(EventDumpLog)
 if (blnErrorFound = true) then
  wscript.echo "CRITICAL - " & intLineCnt & " Error(s) where found |EventErros=" & intLineCnt
 else
  wscript.echo "OK - No Error(s) found today, for eventID: " & eError & " , " & eType & "| EventErros=0"
 end if
'__________________________________FUNCNTIOS AND SUBS_________________________
Function Execute(eType,eSource,eError,eServer,eDays)
	'on error resume next
	blnErrorFound = False
	EventDumplog =  eServer & "_" & eError & ".log"
	dim strCmd,strCmdOut
	dim objShell : Set objShell = WScript.CreateObject("WScript.Shell")
	strCmd = strScriptPath & "dumpel.exe -f " & EventDumpLog & " -l " & eType & " -m " & eSource & " -e " & eError & " -s " & eServer & " -d " & eDays
	pt(strCmd)
	Dim objExecObject : Set objExecObject = objShell.Exec(strCmd)
'MUST GET STDOUT, SOMETIMES APP DONT RUN!
	Do While objExecObject.Status <> 1
		'wscript.sleep 20
		'Wscript.StdOut.Write(".")
	Loop
	'if err.number = 0 and objExecObject.Status = 1 then
	'end if
end function
sub CheckIfError(strLogFile)
'Looks into Log folder if any .log and not 0kb turn ErrorFound=true that will zip and send email
 on error resume next
	Dim ofso,dumpFile,f
	Dim fso
	Const ForReading = 1
	intLineCnt=0
	pt("Checking for errors: " & strLogFile)
	set fso = CreateObject("Scripting.FileSystemObject")
	Set ofso = CreateObject("Scripting.FileSystemObject")
	Set dumpFile = ofso.OpenTextFile(strLogFile, ForReading)
	'pt dumpFile.size
	'GET FILE SIZE
	If ofso.FileExists(strLogFile) Then
        Set f = ofso.GetFile(strLogFile)
        pt "Arquivo " & strLogFile & " = " & f.Size & " kb" 'displays size of file
		If (f.size = 0) Then
				pt "No errors found"
				dumpFile.close
				f.delete
		else
		Do Until dumpFile.AtEndOfStream
		        strLine = dumpFile.ReadLine
     		    intLineCnt = intLineCnt + 1
			    pt strLine
				blnErrorFound = True
		loop
		end if 'File Dump Size Check
	else
	    pt "Arquivo " & strLogFile & " nao existe"
	end if
end sub
Function GetArgs()
'Get ALL arguments passed to the script
	On Error Resume Next
	Dim i
	argcountcommand=WScript.Arguments.Count
	for i=0 to argcountcommand-1
		arg(i)=WScript.Arguments(i)
        p i & " - " & arg(i)
	next
End Function
Function GetOneArg(strName)
	On Error Resume Next
	Dim i
	for i=0 to argcountcommand-1
		if (Ucase(arg(i))=Ucase(strName)) then
			GetOneArg=arg(i+1)
			Exit Function
		end if
	next
End Function
Function pt(msgTxt)
if verbose = "1" then
	wscript.echo msgtxt
end if
end function
Tags: , , , , , ,

2 thoughts on “nagios check events

  1. Thanks Felipe for the great script.
    But how should I configure the servie in /usr/local/nagios/etc/objects/windows.cfg ?
    Is this correct?
    define service{
    use generic-service
    host_name oitayelet
    service_description Run Script
    check_command check_nt!RUNSCRIPT!-l

    Reply

  2. Hi, what about using some batch or script to monitor the size of it (event viewer for example the “Application” file )?
    Good day people!

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *