25. 06. 2013 Patrick Zambelli Log Management

SyslogView: Windows Eventlog integration into the MessageConsole

The SyslogView module is the log and event collector for activities on remote hosts. Log messages or Eventlog entries of a Microsoft Windows server are collected with this tool and stored for later auditing or search.

A recent customer request was to make these incoming events more visible for monitoring. What if the remote SAFED agent discovers, in the Windows Eventlog, messages that carry a certain Event ID and report a specific problem, such as the failure of a process or an unsuccessful login attempt? With the built-in Statistics tool of SyslogView it is possible to generate reports for customizable event filters, but those reports run on a daily schedule, which is far too infrequent to guarantee an immediate alert. Pushing such important messages into the NetEye MessageConsole as soon as they arrive is the better fit.

For this customer I therefore registered an application handler in the syslog daemon (rsyslog) of the NetEye server. This handler introduces a basic logic to recognize a syslog message of interest and forward its content to the MessageConsole, indicating:

  • The host of origin
  • The Event ID as subject
  • The content of the whole captured message

With this approach it is possible to get an overview of all open “messages”, which can be handled in the way every NetEye user already knows: “Acknowledge”, “Close”, or raise/lower the severity. According to the severity, the message is generated as a Nagios check and notified according to the Service Template settings.

MessageConsole open messages

The script is integrated in SyslogView version 2.0.12 of the latest NetEye 3.4 release.
Rsyslog 7.2 or later is the basic requirement.

The script can be found at /var/lib/neteye/plugins/nesyslogview/scripts/rsyslog_generate_msg_msgconsole.sh
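The following shell script is an added example written for this post; it is not the NetEye script referenced above, whose internals are not shown here. It illustrates the handler logic described earlier: take one Windows Eventlog record as delivered by a SAFED agent over syslog, pick out the host of origin and the Event ID, decide whether that ID is on a watch list, and emit the three pieces of information the MessageConsole needs (host, Event ID as subject, full message text). The record layout is an assumption (Snare-style tab-separated fields, with the hostname in field 1, the Event ID in field 7, the source in field 8 and the message text in field 14), the sample line is constructed, and the watched Event IDs are chosen for illustration only.

```bash
#!/usr/bin/env bash
# Added example, not the NetEye script: interpret a SAFED/Snare-style Windows
# Eventlog record received via syslog and prepare a MessageConsole entry.

# Event IDs worth a ticket (constructed list for this example).
# 4625 = an account failed to log on, 7034 = a service terminated unexpectedly.
WATCHED_IDS="4625 7034"

# Constructed sample record. Assumed Snare layout: tab-separated, field 1 =
# hostname, field 7 = Event ID, field 8 = source, field 14 = message text.
SAMPLE_LINE=$(printf 'WINSRV01\tMSWinEventLog\t1\tSecurity\t1234\tTue Jun 25 10:15:02 2013\t4625\tMicrosoft-Windows-Security-Auditing\tN/A\tN/A\tFailure Audit\tWINSRV01\tLogon\tAn account failed to log on.\n')

# A record for an Event ID nobody asked about; it must be dropped silently.
IGNORED_LINE=$(printf 'WINSRV02\tMSWinEventLog\t0\tSystem\t1235\tTue Jun 25 10:16:00 2013\t7036\tService Control Manager\tN/A\tN/A\tInformation\tWINSRV02\tNone\tThe Print Spooler service entered the running state.\n')

# extract_field LINE N : print the N-th tab-separated field of LINE
extract_field() {
    printf '%s\n' "$1" | awk -F'\t' -v n="$2" '{ print $n }'
}

# is_watched EVENT_ID : succeed if EVENT_ID is in WATCHED_IDS
is_watched() {
    local id
    for id in $WATCHED_IDS; do
        [ "$id" = "$1" ] && return 0
    done
    return 1
}

# build_message LINE : print "host|subject|content" for a watched record,
# print nothing and fail for records that are ignored or malformed.
build_message() {
    local line="$1" host eid src text
    host=$(extract_field "$line" 1)
    eid=$(extract_field "$line" 7)
    src=$(extract_field "$line" 8)
    text=$(extract_field "$line" 14)
    # A garbled or truncated record must never become a ticket with an empty
    # or non-numeric subject, so validate the Event ID before anything else.
    case "$eid" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ -n "$host" ] || return 1
    is_watched "$eid" || return 1
    printf '%s|EventID %s|%s: %s\n' "$host" "$eid" "$src" "$text"
}

# Stand-alone demo on the constructed sample; with "--stdin" the script reads
# one record per line, which is how rsyslog's omprog feeds a program.
if [ "${1:-}" = "--stdin" ]; then
    while IFS= read -r line; do
        build_message "$line" || true
    done
else
    build_message "$SAMPLE_LINE"
fi
```

The third output field is where the real handler would hand the text to the MessageConsole; here it is only printed. In rsyslog 7.x a script like this can be attached through the omprog output module (for example `module(load="omprog")` together with an action of `type="omprog"` and `binary="/path/to/script --stdin"`), which passes each matching message on the program's stdin; how the NetEye script is wired into rsyslog is not stated in the post, so treat that as an assumption to check against the installed configuration.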

Patrick Zambelli

Project Manager at Würth Phoenix
After my graduation in Applied Computer Science at the Free University of Bolzano I decided to start my professional career outside the province. With a bit of good timing and good luck I went into the booming IT department of Geox in the shoe district of Montebelluna, where I realized how a big IT infrastructure has to grow and adapt to quickly changing requirements. During this experience I also had the nice opportunity to travel the world while setting up the various production and retail areas of this company. Having arrived at Würth Phoenix, I started developing on our monitoring solution NetEye. Today, in my position as Consulting and Project Manager, I am continuously working to implement our solutions to meet the expectations of our enterprise customers.

