- Nagios Network Monitoring
- General Information and TidBits
- Installation Tips & Tricks
- Addons, Plugins, Tweaks & Customizations
- Checking Drupal Status with Nagios and WebInject
- AddOn - NRPE / NSClient
- AddOn - Nagios Event Log aka NagEventLog
- Addon - Nagios Passive Checks with NSCA
- Nagios Custom Object Variables
- Nagios Event Handler - Restart Remote Service
- Nagios Event Handler - Restarting a Local Service
- Plugin: check_dns_secondary - Checking NS Servers
- Plugin: check_http_requisites - Page Size, Files, and Loadtime
- Plugin: check_mem - Linux Memory Usage
- Plugin: check_sql - Check MSSQL and MYSQL servers
- Plugin: check_svn - Check Subversion
- Tweak - Nagios Jabber / XMPP Notifications
- Tweak - Nagios SMS Messaging
- Tweak - check_file_age to check_file_modified
- Tweak: Using NagiosGraph's SHOW.CGI
- Tweak: check_sql - Allow decimal values
- Common Errors & Fixes
Updating NagEventLog Filters via GPO
- References:
When you have alot of Windows Servers and would like to add an EventID to the Filter, it is a real pain to update on a server by server basis. So using a GPO object, you can control the filters directly from a policy without having to manually update each individual server.
Assumptions
- You install NagEventLog in a consistent fashion on all servers
- You want to filter the same items across ALL your servers
- All your servers are members of the local domain
Instructions
-
Create a custom administrative policy template. Below is the "nageventlog.adm" file I used to filter out select Event IDs.
; nageventlog.adm
;;;;;;;;;;;;;;;;;;;;;
CLASS MACHINE ;;;;;;
;;;;;;;;;;;;;;;;;;;;;
CATEGORY !!nagiosfilter
KEYNAME "SOFTWARE\Wow6432Node\Cheshire Cat\Nagios\Filter0"
POLICY !!changenagiosfilter
PART !!NotEventID CHECKBOX
VALUENAME "notID"
VALUEON NUMERIC 1
VALUEOFF NUMERIC 0
END PART
PART !!ChangeFilter0IDs EDITTEXT REQUIRED
VALUENAME "ID"
DEFAULT !!filterdefault
END PART
PART !!changefilter0IDstext TEXT END PART
END POLICY
END CATEGORY[STRINGS]
nagiosfilter="Nagios Filtering"
changenagiosfilter="Change Nagios Filter0"
ChangeFilter0IDs="Event IDs that are ignored by Nagios"
changefilter0IDstext="Comma seperated list of Event IDs to exclude"
filterdefault="21293,21248,26020,26009" - Add the new nageventlog.adm file to C:\windows\inf folder of your domain controller.
- Next, we need to add the template to our default policy. Launch the GPO Editor by clicking Start > Run > mmc. Add the "Group Policy Object Editor" Snap-in, click Browse, and choose the Default Domain Policy.
- Right-click "Administrative Templates" and choose Add/Remove templates. Select the template file, nageventlog.adm, we created.
- You should now see an item appear as "Nagios Filtering". If you select it and the "Change Nagios Filter0" does not appear, click View > Filtering and DE-select the "Only show policy settings that can be fully managed".
- Select "Enabled" option, click the checkbox to enable the EXCLUSION of the IDs and enter the comma delimited list of EventIDs.
- Servers will update automatically with their regular policy refresh. To force a policy update, you can use "gpupdate" from the command line.
You can use the technique above to do a variety of things and tweak things from a central location across the domain environment.
References
- Building the ADM template files - O'REILLY's Windows System Policy Editor
- Printer-friendly version
- Login to post comments
-
Recent comments
23 weeks 5 days ago
27 weeks 6 days ago
45 weeks 2 days ago
48 weeks 3 days ago
1 year 6 weeks ago
1 year 13 weeks ago
1 year 13 weeks ago
1 year 18 weeks ago
1 year 22 weeks ago