NSClient++ Help

Help getting a filter to work

Hi All,

Can someone please help me to get a filter to work in the checkeventlog? The current config I have is:

nsc_eventlog_system=CheckEventLog filter=new file=system MaxWarn=1 MaxCrit=1 "filter+generated=<6m AND severity NOT IN ('success', 'informational')" filter-eventType==info filter=in filter=all descriptions truncate=800 unique descriptions "syntax=%severity%: %source%: %message% (%count%)"

I need to add a filter to this so it does not alarm for event IDs 3 and 4, but I can't figure out how to do this. I have tried so many different commands and can't get it working. Can someone please advise what I need to change the config to?

  • Message #2420

    First of all, you are mixing old and new syntax: that will not work... What you want to start from is this:

    CheckEventLog file=system MaxWarn=1 MaxCrit=1
    	filter="generated=<6m AND severity NOT IN ('success', 'informational')"
    	descriptions truncate=800 unique
    	"syntax=%severity%: %source%: %message% (%count%)"
    

    In this command the "filter" is the following:

    filter="generated=<6m AND severity NOT IN ('success', 'informational')"
    

    Which you want to extend so it excludes a set of given ids:

    filter="generated=<6m AND severity NOT IN ('success', 'informational') AND id NOT IN (3, 4)"
    

    But most likely you want to exclude the ids for a given provider, as the id is not unique.

    So most likely you want something along the lines of the following:

    filter="generated=<6m AND severity NOT IN ('success', 'informational') AND NOT (source = foobar AND id IN (3, 4) )"
    

    But I haven't checked this, so this is a starting point: the names id and source could be wrong, as well as some syntactical things...

    Michael Medin
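
The difference between the two exclusion filters in the reply above, as an added example that is not part of the original thread and not NSClient++ code: a small Python model of both predicates run over constructed events, showing which alerts a global `id NOT IN (3, 4)` hides. The `Event` class, the `other-provider` source and all sample records are assumptions made for illustration; `foobar` is the reply's own placeholder.

```python
# Model of the two exclusion filters from the reply, evaluated over constructed
# event records. This is not NSClient++'s filter parser; the field names
# (generated, severity, source, id) follow the reply, which notes they are unverified.
from dataclasses import dataclass

@dataclass(frozen=True)
class Event:
    age_minutes: int   # how long ago the event was generated
    severity: str
    source: str
    id: int

QUIET = ("success", "informational")

def base(e):
    # generated=<6m AND severity NOT IN ('success', 'informational')
    return e.age_minutes < 6 and e.severity not in QUIET

def global_id_filter(e):
    # ... AND id NOT IN (3, 4)
    return base(e) and e.id not in (3, 4)

def scoped_filter(e, noisy_source="foobar"):
    # ... AND NOT (source = foobar AND id IN (3, 4))
    return base(e) and not (e.source == noisy_source and e.id in (3, 4))

def collateral(events):
    """Events the scoped filter still reports but the global id filter hides."""
    return [e for e in events if scoped_filter(e) and not global_id_filter(e)]

# Constructed sample events; "foobar" is the reply's placeholder provider,
# "other-provider" is a made-up second source reusing the same ids.
SAMPLE = [
    Event(2, "error", "foobar", 3),            # the noise to silence
    Event(1, "warning", "foobar", 4),          # the noise to silence
    Event(3, "error", "other-provider", 3),    # unrelated event, same id
    Event(4, "error", "foobar", 7),            # real alert from the noisy source
    Event(5, "informational", "other-provider", 4),  # dropped by severity
    Event(30, "error", "other-provider", 9),   # dropped by the 6-minute window
]

if __name__ == "__main__":
    for name, f in (("global", global_id_filter), ("scoped", scoped_filter)):
        print(name, [(e.source, e.id) for e in SAMPLE if f(e)])
    print("hidden by global id exclusion:", collateral(SAMPLE))
```

Any event returned by `collateral` is a monitoring blind spot that the global id exclusion would introduce and the source-scoped form avoids.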
