Using Jabber to monitor Windows EventLogs


Like every company we also got several machines working just for our infrastructural needs like Sharepoints, Activedirectory, Databases, Backup-Servers and so on.

To monitor many machines we came across the idea to use Jabber Instant Messaging to monitor the machines. For example the VPN should drop a line to specified jabber adresses if someone connects or disconnects. Every single machine is maintaining it’s own log – which means you would have to consolidate them in some ways. And since consolidation is not the masterplan – since you would need an event alarm system which sends out alarm calls if something weird is happening, you would need that alarm system too.

So we wrote (while waiting for the machines to install) several small tools which provide a gateway between syslog-ng, windows event logs and Jabber.

Since we are using this productively my Jabber Client Window looks something like this:

psi 

As you can see there are 3 machines online right now – and since these are Linux machines they also provide some status information like load averages and free memory. The Linux version was written by ahzf in perl – and obviously his library can handle the presence and status information much better than the one I used for the Windows version 🙂 – So there are no presence and status informations for the Windows machines right now.

The Windows version is written in C# and relies on the Jabber.NET library. It comes with a small setup and runs as a windows service.

jabbereventlog_windows

In the setup you have to enter the username+password of a user that can access the local Windows Event Log. After the successful setup you need to edit the config file:

editconfig

It’s XML and quite easy to understand (I think) – so you define the jabber server, the user, the password, the Users that you want to receive the messages and the EventLog you want to monitor.

After starting the service you get the startup message via the jabber server and from now on everything that is written into the Windows Event Log is sent to the accounts you specified. Easy eh?

P.S.: sourcecode release will be after we packaged everything.

Source: http://code.google.com/p/jabber-net/