- Nagios - Switch Interface Traffic
- How To - Linux Server Performance
- Notes - Building New ESXi Host for iSCSI with Jumbo Frames
- Microsoft Office Version Numbers (XP, 2003, 2007, 2010)
- ESXi Custom Welcome Screen Text
- PHP - Read Data from a CSV file
- PHP - Input Variables from URL
- Fix - WMI Error EventID 10
- Fix - EventID 4007 DNS Server Error
- FIX - CHECK_ESX3.PL Script
Updating NagEventLog Filters via GPO
- References:
When you have alot of Windows Servers and would like to add an EventID to the Filter, it is a real pain to update on a server by server basis. So using a GPO object, you can control the filters directly from a policy without having to manually update each individual server.
Assumptions
- You install NagEventLog in a consistent fashion on all servers
- You want to filter the same items across ALL your servers
- All your servers are members of the local domain
Instructions
-
Create a custom administrative policy template. Below is the "nageventlog.adm" file I used to filter out select Event IDs.
; nageventlog.adm
;;;;;;;;;;;;;;;;;;;;;
CLASS MACHINE ;;;;;;
;;;;;;;;;;;;;;;;;;;;;
CATEGORY !!nagiosfilter
KEYNAME "SOFTWARE\Wow6432Node\Cheshire Cat\Nagios\Filter0"
POLICY !!changenagiosfilter
PART !!NotEventID CHECKBOX
VALUENAME "notID"
VALUEON NUMERIC 1
VALUEOFF NUMERIC 0
END PART
PART !!ChangeFilter0IDs EDITTEXT REQUIRED
VALUENAME "ID"
DEFAULT !!filterdefault
END PART
PART !!changefilter0IDstext TEXT END PART
END POLICY
END CATEGORY[STRINGS]
nagiosfilter="Nagios Filtering"
changenagiosfilter="Change Nagios Filter0"
ChangeFilter0IDs="Event IDs that are ignored by Nagios"
changefilter0IDstext="Comma seperated list of Event IDs to exclude"
filterdefault="21293,21248,26020,26009" - Add the new nageventlog.adm file to C:\windows\inf folder of your domain controller.
- Next, we need to add the template to our default policy. Launch the GPO Editor by clicking Start > Run > mmc. Add the "Group Policy Object Editor" Snap-in, click Browse, and choose the Default Domain Policy.
- Right-click "Administrative Templates" and choose Add/Remove templates. Select the template file, nageventlog.adm, we created.
- You should now see an item appear as "Nagios Filtering". If you select it and the "Change Nagios Filter0" does not appear, click View > Filtering and DE-select the "Only show policy settings that can be fully managed".
- Select "Enabled" option, click the checkbox to enable the EXCLUSION of the IDs and enter the comma delimited list of EventIDs.
- Servers will update automatically with their regular policy refresh. To force a policy update, you can use "gpupdate" from the command line.
You can use the technique above to do a variety of things and tweak things from a central location across the domain environment.
References
- Building the ADM template files - O'REILLY's Windows System Policy Editor
- Printer-friendly version
- Login to post comments
-
