SyslogView: Windows Eventlog integration into the MessageConsole
The SyslogView module is the log and event collector for activities on remote hosts. Log messages or Eventlog entries of a Microsoft server are collected with this tool and stored for later auditing or search.
A recent customer request was to make these incoming events more transparent for monitoring. What if the remote SAFED agent discovers in the Windows Eventlog messages that belong to a certain Event ID and report a specific problem, such as the failure of a process or an unsuccessful login attempt? With the built-in Statistics tool of SyslogView it would be possible to generate reports for customizable event filters, but those schedules run daily and therefore not often enough to guarantee immediate notice. Pushing such important messages into the NetEye MessageConsole could represent a solution!
For this customer I therefore registered an application handler based on the syslog daemon of the NetEye server. This handler introduces basic logic to interpret a syslog message of interest and forward its content in the desired form to the MessageConsole, indicating:
Host of origin
The Event ID as subject
The content of the whole captured message
With this approach it is possible to get an overview of all open “messages”, which can be handled in the way familiar to any NetEye user: “Acknowledge”, “Close”, or raise/lower the severity. According to the severity, the message is generated as a Nagios check and notified according to the Service Template settings.
The script is integrated in the SyslogView version 2.0.12 of the latest NetEye 3.4 release.
Rsyslog 7.2 or later is the basic requirement.
The script can be found at /var/lib/neteye/plugins/nesyslogview/scripts/rsyslog_generate_msg_msgconsole.sh
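The handler logic described above (pick out Eventlog records of interest and shape them into host, Event ID and message text), as an added example that is not the NetEye script itself. It assumes rsyslog hands the raw message body to the script one line at a time via an omprog action, that the agent emits a Snare-style tab-separated record with the hostname in the first field and the Event ID in the seventh (a constructed layout), and the watch list and sample record are constructed.

```shell
#!/bin/sh
# Added example, not the NetEye script: shape a Windows Eventlog record that
# arrived via syslog into the three fields the handler pushes to the
# MessageConsole (host of origin, Event ID as subject, full message text).
# Assumed rsyslog side (one message body per line on stdin), e.g.:
#   module(load="omprog")
#   if $msg contains "MSWinEventLog" then
#       action(type="omprog" binary="/path/to/this/script.sh")
# Assumed agent record: Snare-style, tab-separated, hostname in field 1,
# "MSWinEventLog" tag in field 2, Event ID in field 7 (constructed layout).

# Event IDs that deserve an immediate message (constructed watch list;
# 4625 = an account failed to log on, 7034 = a service terminated unexpectedly).
WATCHED_EVENT_IDS="4625 7034"

# Return 0 when the Event ID is on the watch list, 1 otherwise.
is_watched_event() {
    for id in $WATCHED_EVENT_IDS; do
        [ "$id" = "$1" ] && return 0
    done
    return 1
}

# Pick one tab-separated field (number in $1) out of a record ($2).
field() {
    printf '%s\n' "$2" | awk -F'\t' -v n="$1" '{ print $n }'
}

# Print "host<TAB>event_id<TAB>record" for a watched Eventlog record; print
# nothing and return 1 for other syslog traffic, unwatched IDs or bad records.
build_msgconsole_record() {
    record=$1
    [ "$(field 2 "$record")" = "MSWinEventLog" ] || return 1
    host=$(field 1 "$record")
    event_id=$(field 7 "$record")
    [ -n "$host" ] && [ -n "$event_id" ] || return 1
    is_watched_event "$event_id" || return 1
    printf '%s\t%s\t%s\n' "$host" "$event_id" "$record"
}

# Constructed sample: a failed logon (Event ID 4625) reported by winsrv01.
SAMPLE_4625=$(printf 'winsrv01\tMSWinEventLog\t1\tSecurity\t4711\tThu Mar 12 10:15:01 2015\t4625\tMicrosoft-Windows-Security-Auditing\tN/A\tN/A\tFailure Audit\twinsrv01\tLogon\t\tAn account failed to log on.')

# When run by omprog, process every line on stdin; otherwise show the sample.
if [ "${1:-}" = "--omprog" ]; then
    while IFS= read -r line; do build_msgconsole_record "$line"; done
else
    build_msgconsole_record "$SAMPLE_4625"
fi
```

The printed triple is what a real handler would hand to the MessageConsole; the submission command itself is not shown here because it is specific to the NetEye installation.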
Author
Patrick Zambelli
After my graduation in Applied Computer Science at the Free University of Bolzano I decided to start my professional career outside the province. With a bit of good timing and good luck I went into the booming IT department of Geox in the shoe district of Montebelluna, where I realized how a big IT infrastructure has to grow and adapt to quickly changing requirements. During this experience I also had the nice possibility to travel the world while setting up the various production and retail areas of this company. Having arrived at Würth Phoenix, I started developing on our monitoring solution NetEye. Today, in my position as Consulting and Project Manager, I am continuously heading to implement our solutions to meet the expectations of our enterprise customers.