Cheshire Cat Computing

Hello all,

Windows Eventlog isn´t running properly for us. The status keeps showing OK altough there are critical errors in the Event log. Even if we shut the Windows computer down, the status still shows OK (Despite there being no connection). I know you probably need more information to help us, but i'm not sure what kind of information you need.

I have read the FAQ and the solutions didn't help. There's no firewall between the two systems, and i can telnet properly to port 5667 on the linux system. Any help would greatly appreciated.



Kind regards,


EDIT: Just noticed the log is filled with ''2009-04-03 15:29:57: error:modules\NSCAAgent\NSCAThread.cpp:231: <<< NSCA Configuration missmatch'' any idea's?

First problem is what happens if the monitored server is down.
In this case, no alerts are being sent, so the Eventlog:xxx services will of course be OK. If you want to be warned when the agent is not active, then you need to use the Heartbeat service which will send an 'Im OK' every so often, and you set the heartbeat service to have a freshness check which sets it to 'unknown' or 'critical'.

Second problem is the services not going critical when messages are there.
Check the Nagios log - are external service checks coming in, but with the wrong service name?
If no checks are coming in, check the NSCA log - are invalid connections coming in? This may be an encryption configuration mismatch between your NSCA daemon and the Nagios Eventlog agent (this sounds like it is your problem)
If this is not hapening, then check the eventlog agent - can it send a test NSCA message and it appears in the nagios log?
Finally, check your filters - are they really matching the correct eventlog entries? Enable debug mode and check the trace in the application eventlog to see what is matching.

_________________
Steve Shipway
UNIX Systems, ITSS, University of Auckland, NZ
Woe unto them that rise up early in the morning... -- Isaiah 5:11