4 Replies Latest reply on Oct 5, 2007 8:59 PM by Network_Guru

    Snare Windows Eventlog software


      This is GNU freeware which can be installed on a Windows PC to forward Eventlogs to your Syslog server.
      There is a small agent which is installed on the PC you wish to monitor.

      I've installed it on my Orion server to notify me when the Syslog or Alerting services do not start after a reboot (these services were down for 3 weeks after my server crashed, before I noticed they weren't running).

      Very handy for monitoring events on your monitoring servers & sending them to a central Syslog server to be e-mailed out.

        • Re: Snare Windows Eventlog software
          Eric E
          Nice tool. Thank you.
          • Re: Snare Windows Eventlog software

            Very NICE, I had the same issue with both the Alert engine and the Syslog service not restarting, it was like getting caught in the girls' locker room in high school... That was until my director asked me why Orion cannot monitor itself... oops!

            Thanks again NG!

              • Re: Snare Windows Eventlog software

                When setting up Snare, do you set the Destination Snare address to the Orion Server and change the port to 514?


                Are there any other settings in Snare that should be changed?

                Any help would be great.


                  • Re: Snare Windows Eventlog software

                    I have another Syslog server (non Solarwinds) that I send the events to from my Orion server.
                    That way I can be notified when the syslog (or any) service is down on my server.
                    You can even alert on MSSQL events such as log files full etc.
                    Basically anything in the eventlog can be sent as a syslog.

                    The easiest way to set up Snare is to find an event you wish to alert on & base the settings on that.

                    Event Type:    Error
                    Event Source:    W32Time
                    Event Category:    None
                    Event ID:    29
                    Date:        2007/10/03
                    Time:        9:31:48 PM
                    User:        N/A
                    Computer:    NOYB
                    The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible.  No attempt to contact a source will be made for 15 minutes. NtpClient has no source of accurate time.

                    Set up Snare to check for: System - Error - EventID 29

                    to alert on NTP errors
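
The approach in the last reply, as an added example that is not part of the thread and is not Snare's code or configuration format: parse an event copied from Event Viewer, derive the log / type / Event ID criteria from it, and check them against events. The function names, dictionary keys and sample events are assumptions constructed for illustration; the second sample shows that Event IDs are scoped to their source, so an ID-only filter also matches an unrelated source that reuses ID 29.

```python
import re

# Event text as copied from Event Viewer (the event quoted in the thread, shortened).
EVENT_TEXT = """\
Event Type:    Error
Event Source:    W32Time
Event Category:    None
Event ID:    29
Computer:    NOYB
The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible.
"""

FIELD = re.compile(r"^\s*(Event Type|Event Source|Event Category|Event ID|Date|Time|User|Computer):\s*(.*?)\s*$")

def parse_event(text):
    """Split copied Event Viewer text into header fields and the description."""
    fields, desc = {}, []
    for line in text.splitlines():
        m = FIELD.match(line)
        if m and not desc:          # header lines come before the description
            fields[m.group(1)] = m.group(2)
        elif line.strip():
            desc.append(line.strip())
    fields["Description"] = " ".join(desc)
    return fields

def build_filter(fields, log, match_source=False):
    """Derive filter criteria from a parsed event; the log name is supplied by the caller."""
    flt = {"log": log, "type": fields["Event Type"], "event_id": int(fields["Event ID"])}
    if match_source:                # narrow the filter to the originating source
        flt["source"] = fields["Event Source"]
    return flt

def matches(flt, event):
    """True when every criterion in the filter equals the event's value."""
    return all(event.get(key) == value for key, value in flt.items())

# Constructed sample events (not real log data).
SAMPLES = [
    {"log": "System", "type": "Error", "event_id": 29, "source": "W32Time"},
    {"log": "System", "type": "Error", "event_id": 29, "source": "ExampleSource"},
    {"log": "System", "type": "Warning", "event_id": 29, "source": "W32Time"},
    {"log": "Application", "type": "Error", "event_id": 29, "source": "W32Time"},
]

if __name__ == "__main__":
    flt = build_filter(parse_event(EVENT_TEXT), log="System")
    for ev in SAMPLES:
        print(matches(flt, ev), ev)
```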