1R3 - Internal
Monitoring Windows Events
(without monitoring Logfiles)
Martin Fürstenau, Oce Printing Systems GmbH & Co. KG
martin.fuerstenau@oce.com
OSMC, November 2019
About me
Out of interest
• Senior System Engineer at Oce Printing Systems GmbH & Co. KG in Poing near Munich
• 33 years IT, 30 years Unix, 25 years Linux, 15 years Oce; monitoring started with NetSaint.
• Currently maintaining Linux systems, our monitoring landscape … and writing plugins and addons for Nagios, Icinga(2), Shinken, Naemon and other API-compatible forks.
• Hobbies: playing the blues (badly) and repairing electric guitars (much better).
Oce European Data Center - Monitoring
● Datacenter Océ Printing Systems, Poing
● European Data Center
● Local Data Center
● Our numbers
● 2400 hosts
● More than 50 % MS Windows
● More than 160 network components (switches, routers, firewalls)
● 23500 services
● Roughly 50 % of them running on MS Windows
● The rest is mainly Unix/Linux, SAN, NetApp filers and network
Monitoring Windows Events
● Who needs it?
● And how are you doing it?
Using SNMP traps for Monitoring Windows Events
Setting up Windows - modify your SNMP service configuration (Traps tab: the trap community name and the trap destination hosts)
Using SNMP traps for Monitoring Windows Events
An event from the Windows log
Using SNMP traps for Monitoring Windows Events
Setting up Windows - Mapping events to traps: evntwin and evntcmd
evntwin (GUI) and evntcmd (command line) both configure the SNMP Event-to-Trap Translator: you pick an event log, an event source and an event ID, optionally with a count-within-period threshold, and from then on the SNMP service sends a trap every time that event is written. evntcmd reads the same mappings from a text file, which is what you want for a few hundred hosts; evntwin can export what you clicked together into that format.
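The evntwin/evntcmd slides are screenshots, so here is the mapping as an evntcmd file. This is an added example, not the configuration shown in the talk: the community wintraps, the trap receiver 192.0.2.10 and the two Security-log events (4625, an account failed to log on, which is the natural candidate for the LoginDenied event of the Linux-side slides, and 4740, an account was locked out) are my choices.

```text
#pragma ADD "Security" "Microsoft-Windows-Security-Auditing" 4625
#pragma ADD "Security" "Microsoft-Windows-Security-Auditing" 4740
#pragma ADD_TRAP_DEST wintraps 192.0.2.10
```

Load it with `evntcmd events.cnf` (`/s <computer>` does the same against a remote machine). The line syntax is `#pragma ADD <EventLogFile> <EventSource> <EventID> [<Count> [<Period>]]`: with `5 60` appended, the trap is only sent once the event has been logged 5 times within 60 seconds, which keeps a password-spraying burst from turning into thousands of traps; `#pragma DELETE` and `#pragma DELETE_TRAP_DEST` undo the entries. Two things to keep in mind about the transport: the Windows SNMP service sends SNMPv1 traps, so the community string and the whole event text (account and host names included) cross the wire in cleartext and unauthenticated, and anyone who can reach udp/162 on the collector can inject a trap that snmptt will happily hand to EXEC. Give the traps a dedicated community, route them over the management network, and restrict udp/162 on the collector to the Windows address ranges; the "Accept SNMP packets from these hosts" list on the Security tab only governs incoming GET requests, not outgoing traps.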
Using SNMP traps for Monitoring Windows Events
On the Linux side - is there a MIB to convert for snmptt?
● Yes: EVNTAGENT-MIB.mib exists.
● No: it does not give you the trap definitions. The Event-to-Trap Translator builds a separate enterprise OID per event source (the source name is encoded into the OID), so snmpttconvertmib cannot produce the EVENT entries you need; you write them by hand from what snmptt logs as unknown.
Using SNMP traps for Monitoring Windows Events
On the Linux side - snmptt: snmpttunknown.log
Traps without a matching EVENT entry land in the unknown-trap log (log_unknown_traps and unknown_trap_log_file in snmptt.ini). That is where you read the real trap OID and the order of the varbinds before writing the first configuration.
Using SNMP traps for Monitoring Windows Events
On the Linux side - a 1st configuration for snmptt
Using SNMP traps for Monitoring Windows Events
On the Linux side - a 2nd configuration for snmptt
EVENT LoginDenied .1.3.6.1.4.1.311.1.13.1.35.77.105.99.114…….
EXEC /root/work.duck/wintrap/duck "$1" "$2" "$3" "$4" "$5" "$6" "$7" "$8" "$9"
FORMAT FooFooFoo $*
SDESC
Get the traps from the event system
Variables:
EDESC

The script duck that EXEC calls (appends the first nine varbinds to a logfile):

#!/bin/bash
# Debug helper for the snmptt EXEC above: write every argument snmptt passed
# (the trap varbinds) to the logfile, separated from the previous trap by blank lines.
LOG=/root/work.duck/wintrap/duck.log
{
    echo; echo; echo
    n=1
    for value in "$@"; do
        echo "$n: $value"
        n=$((n + 1))
    done
} >> "$LOG"
Using SNMP traps for Monitoring Windows Events
On the Linux side - a 3rd configuration for snmptt
EVENT LoginDenied .1.3.6.1.4.1.311.1.13.1.35.77.105….
FORMAT FooFooFoo $*
EXEC /root/work.duck/wintrap/log_wintrap --logfile=/root/work.duck/wintrap/duck.log --eventText="$1" --eventUserId="$2" --eventSystem="$3" --eventType="$4" --eventCategory="$5" --eventVar1="$6" --eventVar2="$7" --eventVar3="$8" --eventVar4="$9" --eventVar5="$10" --eventVar6="$11" --eventVar7="$12" --eventVar8="$13" --eventVar9="$14" --eventVar10="$15" --eventVar11="$16" --eventVar12="$17" --eventVar13="$18" --eventVar14="$19" --eventVar15="$20"
SDESC
Get the traps from the event system
Variables:
EDESC
The EXEC statement is a single line in snmptt.conf; it hands each of the 20 varbinds (eventText, eventUserId, eventSystem, eventType, eventCategory and the 15 insertion strings eventVar1 to eventVar15) to log_wintrap as a named option, so the script no longer has to know the position of each value.
Using SNMP traps for Monitoring Windows Events
On the Linux side - a 3rd logfile for snmptt
How to proceed
wintrap2mon
• Will contain a filter for each variable
• Should handle most events
• Should be expandable by adding filters from files
• Option to write all variables to a logfile
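What the 2nd and 3rd snmptt configurations feed into, and what the wintrap2mon plan sketches, in one handler. This is an added example, not the slides' duck or log_wintrap scripts and not wintrap2mon: it takes the same --eventText … --eventVar15 options as the 3rd configuration, decodes the evntagent trap OID into event source and event ID (the encoder next to it builds the OID you need for an EVENT line, which is the piece the MIB does not give you), applies regex filters loaded from a file, and emits a passive check result for the Nagios-family command file. The --trapOid/--host/--filters/--service options, the path /usr/local/bin/wintrap_handler, the filter-file format and the sample rules are my assumptions; $o and $A are snmptt's substitutions for the numeric trap OID and the agent host name. Two security points a practitioner should not skip: snmptt runs EXEC through a shell, so keep exec_escape enabled in snmptt.ini, and inside the handler treat every value as untrusted, because the account name in a failed logon is whatever the remote client typed and a forged trap can carry anything at all.

```python
#!/usr/bin/env python3
"""snmptt EXEC handler for Windows evntagent traps: an added example, not the slides'
duck/log_wintrap scripts and not the planned wintrap2mon. Assumed EXEC line, continuing
the slides' 3rd configuration ($o = numeric trap OID, $A = agent host name; both are snmptt
substitutions, while --trapOid, --host, --filters and --service are this script's own):
  EXEC /usr/local/bin/wintrap_handler --trapOid "$o" --host "$A" --filters /etc/snmptt/wintrap.filters --eventText "$1" ... --eventVar15 "$20"
"""
import argparse, re, sys, time

EVNTAGENT_PREFIX = (1, 3, 6, 1, 4, 1, 311, 1, 13, 1)  # Microsoft evntagent enterprise prefix
VARNAMES = ["eventText", "eventUserId", "eventSystem", "eventType",
            "eventCategory"] + [f"eventVar{i}" for i in range(1, 16)]  # varbind order of the trap
RETURN_CODE = {"OK": 0, "WARNING": 1, "CRITICAL": 2, "UNKNOWN": 3}  # plugin exit codes
SEVERITY = {"OK": 0, "UNKNOWN": 1, "WARNING": 2, "CRITICAL": 3}  # escalation order
SAMPLE_FILTERS = """\
# constructed sample rules, one per line: <variable> <STATE> <regex>
eventText  WARNING   An account failed to log on
eventText  CRITICAL  Account Name:\\s+(Administrator|svc_\\S+)
"""

def encode_trap_oid(source, event_id):
    """Trap OID as snmptt sees it: evntagent's enterprise OID is prefix.<len>.<ASCII code of
    each source-name character>, snmptt renders a v1 trap as enterprise.0.<specific-trap>
    (RFC 3584), and specific-trap carries the Windows event id. Handy for EVENT lines."""
    arcs = [*EVNTAGENT_PREFIX, len(source), *(ord(c) for c in source), 0, event_id]
    return "." + ".".join(str(a) for a in arcs)

def decode_trap_oid(oid):
    """Inverse of encode_trap_oid: returns (source name, event id) or raises ValueError."""
    arcs = [int(a) for a in oid.strip(".").split(".")]
    if tuple(arcs[:len(EVNTAGENT_PREFIX)]) != EVNTAGENT_PREFIX:
        raise ValueError("not an evntagent trap OID: " + oid)
    rest = arcs[len(EVNTAGENT_PREFIX):]
    n = rest[0] if rest else -1
    chars, tail = rest[1:1 + n], rest[1 + n:]
    if n < 0 or len(chars) != n or tail[:1] != [0] or len(tail) != 2:
        raise ValueError("malformed evntagent trap OID: " + oid)
    return "".join(chr(c) for c in chars), tail[1]

def load_filters(text):
    """Parse '<variable> <STATE> <regex>' rules; blank lines and '#' comments are skipped."""
    rules = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 2)
        if len(parts) != 3 or parts[0] not in VARNAMES or parts[1] not in SEVERITY:
            raise ValueError(f"filter line {lineno}: expected '<variable> <STATE> <regex>'")
        rules.append((parts[0], parts[1], re.compile(parts[2])))
    return rules

def evaluate(values, rules, default="OK"):
    """Run every rule against the trap variables; the most severe match wins."""
    state, matched = default, []
    for var, rule_state, rx in rules:
        if rx.search(values.get(var, "")):
            matched.append(f"{var}~/{rx.pattern}/={rule_state}")
            if SEVERITY[rule_state] > SEVERITY[state]:
                state = rule_state
    return state, matched

def sanitize(text, field=False):
    """Trap contents are attacker influenced (the account name in a failed logon is whatever
    the client typed): blank control characters so a value cannot smuggle a second command
    line into the command file, and keep ';' (the field separator) out of host and service."""
    clean = re.sub(r"\s+", " ", "".join(c if c.isprintable() else " " for c in text)).strip()
    return clean.replace(";", "_") if field else clean[:2000]

def passive_result(host, service, state, output, now=None):
    """External-command line accepted by Nagios, Icinga, Naemon and the other forks."""
    ts = int(time.time() if now is None else now)
    return (f"[{ts}] PROCESS_SERVICE_CHECK_RESULT;{sanitize(host, True)};"
            f"{sanitize(service, True)};{RETURN_CODE[state]};{sanitize(output)}")

def handle(argv):
    """Parse the EXEC arguments, classify the event and print one passive check result."""
    p = argparse.ArgumentParser()
    p.add_argument("--trapOid", required=True)  # snmptt's $o
    p.add_argument("--host", required=True)  # snmptt's $A
    p.add_argument("--filters")  # rules file in SAMPLE_FILTERS format
    p.add_argument("--service", default="windows_events")
    p.add_argument("--logfile")  # dump of every variable, the option wintrap2mon plans
    for name in VARNAMES:
        p.add_argument("--" + name, default="")
    args = p.parse_args(argv)
    values = {name: getattr(args, name) for name in VARNAMES}
    source, event_id = decode_trap_oid(args.trapOid)
    rules = load_filters(open(args.filters).read()) if args.filters else []
    state, matched = evaluate(values, rules)
    output = f"{source} event {event_id} on {values['eventSystem']}: {values['eventText']}"
    line = passive_result(args.host, args.service, state,
                          output + (" [" + ", ".join(matched) + "]" if matched else ""))
    if args.logfile:
        with open(args.logfile, "a") as fh:
            fh.write(line + "\n" + "".join(f"  {k}: {v}\n" for k, v in values.items()))
    print(line)  # redirect to the core's command file in the EXEC line, or write the FIFO here
    return state, line

if __name__ == "__main__":
    sys.exit(RETURN_CODE[handle(sys.argv[1:])[0]])
```

Because the handler writes its result to stdout, the EXEC line can append it straight to the monitoring core's command file (`>> /path/to/cmdfile`, a path that is yours to set), or you replace the print with a write to that FIFO. The filter file grows the way wintrap2mon intends: one regex per variable and state, CRITICAL beating WARNING beating UNKNOWN, with the default OK for events nothing matches. If you want the opposite default (every LoginDenied trap at least WARNING unless a rule says otherwise), pass `default="WARNING"` to evaluate.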
Resources
• http://www.snmptt.org
• https://docs.microsoft.com/en-us/windows/win32/snmp/about-snmp
• https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/evntcmd
• https://wiki.opennms.org/wiki/Windows_Event_Log_Traps
• https://support.microsoft.com/de-de/help/324263/how-to-configure-the-simple-network-management-protocol-snmp-service-i
• https://documentation.commvault.com/commvault/v11_sp5/article?p=features/alerts/setup_alerts_snmp_trap.htm
Thank you for your patience with an old man
and
let’s have a drink now
(and a second, and a third and a…...)
OSMC 2019 | Monitoring Windows Events without Monitoring Logfiles  by Martin Fürstenau
