source: nscp/trunk/docs/CheckEventLog/index.html @ 9bc31a8

Last change on this file since 9bc31a8 was 9bc31a8, checked in by Michael Medin <michael@…>, 7 years ago

Lots of update (I really should checkin more often :)

  • Property mode set to 100644
File size: 5.4 KB
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
<title>CheckEventLog</title>
<link rel="stylesheet" type="text/css" href="../nscplus.css">
<base target="_self">
</head>

<body>

<div id="content" class="documentContent">
        <h1>CheckEventLog.dll</h1>
        <p>The CheckEventLog module checks for problems reported to the Windows event log.</p>
        <table class="MsoNormalTable" border="0" cellspacing="0" cellpadding="0" id="table4">
                <tr>
                        <th valign="top">Command </th>
                        <th valign="top">Description </th>
                </tr>
                <tr>
                        <td valign="top">CheckEventLog </td>
                        <td valign="top">Check to find errors in the event log.</td>
                </tr>
                </table>
        <h2>Configuration</h2>
        <p><i>This module has no configuration directives.</i></p>
        <h2>CheckEventLog</h2>
        <p>This check enumerates all events in the event log, filters events out (or in),
        and then uses the resulting list to determine the state.</p>
        <table class="MsoNormalTable" border="0" cellspacing="0" cellpadding="0" id="table5">
                <tr>
                        <th valign="top">Option </th>
                        <th valign="top">Values </th>
                        <th valign="top">Description </th>
                </tr>
                <tr>
                        <td valign="top">file</td>
                        <td valign="top">An event log file name</td>
                        <td valign="top">The name of an event log file. The default ones are
                        Application, Security and System.</td>
                </tr>
                <tr>
                        <td valign="top">filter</td>
                        <td valign="top">in, out, any, all</td>
                        <td valign="top">Specify the way you want to filter things.<p><b>in</b>
                        means anything matching this filter will be included in the result.</p>
                        <p><b>out</b> means anything matching this filter will be excluded
                        from the result.</p>
                        <p><b>any</b> means any of the filter rules has to match.</p>
                        <p><b>all</b> means all of the filter rules have to match.</p>
                        <p>Thus filter=all filter=in and filter=any filter=out are the
                        combinations that make the most sense, depending on your filter
                        concept.</p></td>
                </tr>
                <tr>
                        <td valign="top">descriptions</td>
                        <td valign="top"><i>None</i></td>
                        <td valign="top">Flag to specify whether to include the string
                        representation of the error messages.</td>
                </tr>
                <tr>
                        <td valign="top">truncate</td>
                        <td valign="top">length of the returned set</td>
                        <td valign="top">This will truncate the output after the specified
                        length. As NRPE can only handle 1024 chars, you need to truncate the
                        output.</td>
                </tr>
                <tr>
                        <td valign="top">MaxWarn</td>
                        <td valign="top">number of records</td>
                        <td valign="top">The maximum number of records to allow before reporting a
                        warning state.</td>
                </tr>
                <tr>
                        <td valign="top">MaxCrit</td>
                        <td valign="top">number of records</td>
                        <td valign="top">The maximum number of records to allow before reporting a
                        critical state.</td>
                </tr>
                <tr>
                        <td valign="top">
                        filter-eventType</td>
                        <td valign="top">
                        error, warning, etc</td>
                        <td valign="top">
                        An event type to filter out: error, warning, info, auditSuccess or
                        auditFailure.</td>
                </tr>
                <tr>
                        <td valign="top">
                        filter-eventSource</td>
                        <td valign="top">
                        string expression</td>
                        <td valign="top">
                        The name of the source of the event. Can be a substring or
                        regular expression.</td>
                </tr>
                <tr>
                        <td valign="top">
                        filter-generated</td>
                        <td valign="top">
                        time expression</td>
                        <td valign="top">
                        Time ago the message was generated</td>
                </tr>
                <tr>
                        <td valign="top">
                        filter-written</td>
                        <td valign="top">
                        time expression</td>
                        <td valign="top">
                        Time ago the message was written to the log</td>
                </tr>
                <tr>
                        <td valign="top">
                        filter-message</td>
                        <td valign="top">
                        string expression</td>
                        <td valign="top">
                        Filter strings in the message. Can be a substring or
                        regular expression.</td>
                </tr>
        </table>
        <p>&nbsp;</p>
        <p>A time expression is a date/time interval written as a number prefixed by a
        filter prefix (&lt;, &gt;, =, !=) and followed by a unit postfix (m, s, h, d, w).
        A few examples of time expressions: filter-generated=&gt;2d matches any
        records older than 2 days, and filter-generated=&lt;2h matches
        any records newer than 2 hours.</p>
        <p>A string expression is a key followed by a string that specifies a string
        expression. Currently substr and regexp are supported. Thus you enter
        filter-message=regexp:(foo|bar) to enter a regular expression and
        filter-message=substr:foo to enter a substring pattern match.</p>
        <h3>Examples</h3>
        <div class="example">
                <ul>
                        <li>
                        <p><b>Check the Application event log for errors in the
                        last 48 hours. Filter out any Cdrom and NSClient errors as well as
                        all warnings. Allow 3 errors before a warning is issued and 7 before
                        a critical state.</b></p>
                        <p><code>checkEventLog file=system file=application
                        MaxWarn=1 MaxCrit=1 filter-generated=&gt;2d filter-eventSource=substr:Service
                        filter-eventSource=substr:Tcpip filter=out filter=any</code></p>
                        <p><code>CRITICAL: 27 > critical: ESENT, ESENT, ESENT, ESENT,...</code></p>
                        <div class="config">
                                <p>define command { </p>
                                <p>&nbsp;&nbsp;&nbsp; command_name check_event_log </p>
                                <p>&nbsp;&nbsp;&nbsp; command_line check_nrpe -H $HOSTADDRESS$ -p
                                5666 -c checkEventLog -a file=system file=application MaxWarn=1 MaxCrit=1
                        filter-generated=&gt;2d filter-eventSource=substr:Service
                        filter-eventSource=substr:Tcpip filter=out filter=any</p>
                                <p>}</p>
                                <p>&nbsp;&nbsp;&nbsp; check_command check_event_log
                                </p>
                        </div>
                        </li>
                </ul>
        </div>
</div>

</body>

</html>
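
The filter semantics documented in the file above (time expressions, string expressions, in/out with any/all, MaxWarn/MaxCrit), modelled as an added example; this is not NSClient++ code. Assumptions: `m` means minutes, a state is raised when the record count exceeds the maximum, and the names `time_rule`, `string_rule`, `check` and the sample records are hypothetical.

```python
import re
from datetime import datetime, timedelta

UNITS = {"s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}  # assumed: m = minutes
OPS = {"<": lambda a, b: a < b, ">": lambda a, b: a > b,
       "=": lambda a, b: a == b, "!=": lambda a, b: a != b}

def time_rule(field, expr):
    """filter-generated=>2d: compare the event's age against number * unit."""
    m = re.fullmatch(r"(<|>|=|!=)(\d+)([smhdw])", expr)
    if not m:
        raise ValueError("bad time expression: " + expr)
    op, limit = OPS[m.group(1)], int(m.group(2)) * UNITS[m.group(3)]
    return lambda ev, now: op((now - ev[field]).total_seconds(), limit)

def string_rule(field, expr):
    """filter-message=substr:foo or filter-message=regexp:(foo|bar)."""
    kind, _, pattern = expr.partition(":")
    if kind == "substr":
        return lambda ev, now: pattern in ev[field]
    if kind == "regexp":
        rx = re.compile(pattern)
        return lambda ev, now: rx.search(ev[field]) is not None
    raise ValueError("unsupported string expression: " + expr)

def check(events, rules, mode, combine, max_warn, max_crit, now):
    """mode is in/out, combine is any/all; returns (state, sources of kept events)."""
    join = any if combine == "any" else all
    kept = [ev for ev in events
            if join(r(ev, now) for r in rules) == (mode == "in")]
    # Assumption: a state is raised when the count exceeds the maximum.
    state = ("CRITICAL" if len(kept) > max_crit
             else "WARNING" if len(kept) > max_warn else "OK")
    return state, [ev["source"] for ev in kept]

# Constructed sample records (not real log data).
NOW = datetime(2024, 1, 10, 12, 0, 0)
EVENTS = [
    {"source": "ESENT", "generated": NOW - timedelta(hours=1)},
    {"source": "ESENT", "generated": NOW - timedelta(hours=30)},
    {"source": "Tcpip", "generated": NOW - timedelta(hours=3)},
    {"source": "Service Control Manager", "generated": NOW - timedelta(hours=5)},
    {"source": "ESENT", "generated": NOW - timedelta(days=3)},
]
# The rules from the example command, used with filter=out filter=any.
PAGE_RULES = [time_rule("generated", ">2d"),
              string_rule("source", "substr:Service"),
              string_rule("source", "substr:Tcpip")]

if __name__ == "__main__":
    print(check(EVENTS, PAGE_RULES, "out", "any", 1, 1, NOW))
```

With filter=out filter=any, the three-day-old record and the Service and Tcpip sources are dropped, so only the two recent ESENT records count against MaxWarn=1 MaxCrit=1.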