Nagios plugin for Windows eventlogs


check-winevent is a Nagios plugin that monitors event logs on the local Windows system. You can filter events by time, code, type and source, and negate the code, type and source filters. It can scan multiple event logs. It previously existed as check_winevent.

Examples:

check-winevent --type error --window "5 minutes" --critical 0
Scans all event logs available on the system and returns CRITICAL if there was at least one error event in the last 5 minutes.

check-winevent --log application --source "Application Hang","Application Error" --type error --warning 10 --critical 100
Scans the application event log for events that occurred during the last hour and returns WARNING or CRITICAL if the number of events exceeds 10 or 100 respectively.

check-winevent --log security --window "30 minutes" --type "audit failure"
Scans the security event log and returns CRITICAL if there was at least one audit failure event during the last 30 minutes.
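
The third check, written out as an added PowerShell example that is not check-winevent's own code: it counts audit failures in the Security log and maps the count to a Nagios exit code. The parameter names are hypothetical, the "count greater than threshold" comparison follows the descriptions above, and the script has to run elevated to read the Security log.

```powershell
# Added example, not check-winevent's code. Parameter names are hypothetical.
param(
    [int]$WindowMinutes = 30,
    [int]$Warning  = -1,   # -1 disables the warning threshold (assumption of this example)
    [int]$Critical = 0     # CRITICAL when the count is greater than this value
)

# Standard event keyword bit for "Audit Failure" (StandardEventKeywords.AuditFailure).
$AuditFailure = 4503599627370496

try {
    $filter = @{
        LogName   = 'Security'
        Keywords  = $AuditFailure
        StartTime = (Get-Date).AddMinutes(-$WindowMinutes)
    }
    $events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction Stop)
}
catch {
    # Get-WinEvent raises an error when nothing matches; that is zero events, not a failure.
    if ($_.FullyQualifiedErrorId -like 'NoMatchingEventsFound*') {
        $events = @()
    }
    else {
        # Usually an access problem: the Security log needs an elevated session.
        Write-Output "UNKNOWN - cannot read Security log: $($_.Exception.Message)"
        exit 3
    }
}

$count = $events.Count
if ($count -gt $Critical) { $state = 'CRITICAL'; $code = 2 }
elseif ($Warning -ge 0 -and $count -gt $Warning) { $state = 'WARNING'; $code = 1 }
else { $state = 'OK'; $code = 0 }

# Name the most frequent event IDs so the alert says what failed (4625 is a failed logon).
$top = ($events | Group-Object Id | Sort-Object Count -Descending |
        Select-Object -First 3 |
        ForEach-Object { "id $($_.Name) x$($_.Count)" }) -join ', '
if ($top) { $top = " ($top)" }

# Nagios reads the first output line as the status text and the exit code as the state.
Write-Output "$state - $count audit failure(s) in the last $WindowMinutes minutes$top"
exit $code
```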

Github Repo