NSClient++ Help (#1) - Eventlog Filter 0.4.2 (#991) - Message List

Eventlog Filter 0.4.2

Hello,

I have a little problem with the new filter.

I want to transmit all Eventlog entries with Type (Level) Error to Icinga in state Critical.

Can anyone send me the filter?

settings/eventlog/real-time/filters/eventlog filter=??????? severity = CRITICAL

Thanks

Jörg

  • Message #2627

    If you check #529 it has good information on how to do something a bit more advanced but should hopefully be a good starting point.

    As it seems the syntax I have now is "ok", I shall start writing some documentation about it, hopefully this or next week...

    But some short pseudo configuration for you:

    [/settings/eventlog/real-time]
    enabled=true
    [/settings/eventlog/real-time/filters/errors]
    filter=type = error
    severity = CRITICAL
    destination=NSCA
    syntax=The end is neigh: %message%
    ok message = Seems we are doing ok
    command=my_eventlog_check
    

    In addition to this you also need to configure NSCAClient (again pseudo configuration as I don't recall the syntax off the top of my head):

    [/settings/NSCA/client/targets/default]
    address=192.168.0.1:5667
    encryption=aes
    password=very-very-secret
    

    Michael Medin

    • Message #2635

      Hello,

      Yes, thread 529 is known.

      My problem stays alive :-( No filter match...

      nsclient.ini

      [/modules]
      CheckDisk = 1
      CheckEventLog = 1
      CheckExternalScripts = 1
      CheckHelpers = 1
      CheckSystem = 1
      CheckWMI = 1
      NRPEServer = 1
      NSCAClient = 1
      NSClientServer = 1
      [/settings/default]
      allowed hosts = XXX.XXX.XXX.XXX
      cache allowed hosts = true
      password =
      certificate = ${certificate-path}/nrpe_dh_512.pem
      timeout = 30
      use ssl = true
      [/settings/NRPE/server]
      allow arguments = true
      allow nasty characters = true
      port = 5666
      [/settings/NSCA/client]
      channel = NSCA
      hostname = nissen3
      [/settings/NSCA/client/targets/default]
      address = nsca://XXX.XXX.XXX.XXX:5667
      encryption = des
      timeout = 30
      [/settings/NSClient/server]
      performance data = true
      port = 12489
      [/settings/check/system/windows]
      default = true
      default buffer length = 1h
      [/settings/check/system/windows/service mapping]
      [/settings/crash]
      archive = true
      archive folder = ${shared-path}/crash-dumps
      restart = true
      restart target = NSClientpp
      submit = false
      submit url = http://crash.nsclient.org/submit
      [/settings/eventlog]
      buffer size = 131072
      debug = true
      lookup names = true
      syntax =
      [/settings/eventlog/real-time]
      destination=NSCA
      debug = true
      enable active = true
      enabled = true
      log = application
      maximum age = 5m
      startup age = 30m
      [/settings/eventlog/real-time/filters/errors]
      filter=type = error
      severity = CRITICAL
      syntax=The end is neigh: %message%
      ok message = Seems we are doing ok
      command=my_eventlog_check
      [/settings/external scripts]
      allow arguments = true
      allow nasty characters = true
      script path =
      timeout = 60
      [/settings/external scripts/alias]
      [/settings/external scripts/scripts]
      [/settings/external scripts/wrapped scripts]
      [/settings/external scripts/wrappings]
      bat = scripts\\%SCRIPT% %ARGS%
      ps1 = cmd /c echo scripts\\%SCRIPT% %ARGS%; exit($lastexitcode) | powershell.exe -command -
      vbs = cscript.exe //T:30 //NoLogo scripts\\lib\\wrapper.vbs %SCRIPT% %ARGS%
      [/settings/log]
      date format = %Y-%m-%d %H:%M:%S
      file name = ${exe-path}/nsclient.log
      level = debug
      [/settings/log/file]
      max size = 0
      [/settings/shared session]
      enabled = false
      [/settings/targets]
      

      test command

      nscp eventlog --exec insert-eventlog --source "Application Error" --id 1000 --level error --category 0
      

      Debug information

      System.dll as )
      d rvice\NSClient++.cpp:830  addPlugin(C:/Program Files/NSClient++//modules/CheckWMI.dll as )
      d rvice\NSClient++.cpp:830  addPlugin(C:/Program Files/NSClient++//modules/NRPEServer.dll as )
      d rvice\NSClient++.cpp:830  addPlugin(C:/Program Files/NSClient++//modules/NSCAClient.dll as )
      d rvice\NSClient++.cpp:830  addPlugin(C:/Program Files/NSClient++//modules/NSClientServer.dll as )
      d rvice\NSClient++.cpp:807  Loading plugin: CheckDisk
      d rvice\NSClient++.cpp:807  Loading plugin: Event log Checker.
      d rvice\NSClient++.cpp:807  Loading plugin: Check External Scripts
      e og\CheckEventLog.cpp:152  Error validating filter: Invalid types: Variable not found: error
      d rvice\NSClient++.cpp:807  Loading plugin: Helper function
      d eventlog_wrapper.cpp:80   Attempting to match: Anwendung with application
      d rvice\NSClient++.cpp:807  Loading plugin: CheckSystem
      d eventlog_wrapper.cpp:80   Attempting to match: Hardware-Ereignisse with application
      d rvice\NSClient++.cpp:807  Loading plugin: CheckWMI
      d tem\PDHCollector.cpp:91   Loading counters...
      d eventlog_wrapper.cpp:80   Attempting to match: Microsoft Office Alerts with application
      d rvice\NSClient++.cpp:807  Loading plugin: NRPE server
      d tem\PDHCollector.cpp:94   Loading counter: memory commit limit = \4\30
      d eventlog_wrapper.cpp:80   Attempting to match: Sicherheit with application
      e erver\NRPEServer.cpp:125  Certificate key not found: C:/Program Files/NSClient++//security/certificate_key.pem
      d eventlog_wrapper.cpp:80   Attempting to match: System with application
      d erver\NRPEServer.cpp:130  Allowed hosts definition: XXX.XXX.XXX.XXX(255.255.255.255)
      d tem\PDHCollector.cpp:103  Counter status: -1073738823: Der angegebene Leistungsindikator wurde nicht gefunden.
      d tem\PDHCollector.cpp:94   Loading counter: cpu = \238(_total)\6
      d tem\PDHCollector.cpp:94   Loading counter: memory commit bytes = \4\26
      d tem\PDHCollector.cpp:103  Counter status: -1073738823: Der angegebene Leistungsindikator wurde nicht gefunden.
      d tem\PDHCollector.cpp:94   Loading counter: uptime = \2\674
      d tem\PDHCollector.cpp:103  Counter status: -1073738823: Der angegebene Leistungsindikator wurde nicht gefunden.
      d de\socket/server.hpp:81   Using SSL: ssl: none, cert: C:/Program Files/NSClient++//security/nrpe_dh_512.pem (PEM), C:/Program Files/NSClient++//security/certificate_key.pem, dh: C:/Program Files/NSClient++//security/nrpe_dh_512.pem, ciphers: ADH, ca: C:/Program Files/NSClient++//security/ca.pem
      d de\socket/server.hpp:97   Attempting to bind to: :5666
      d de\socket/server.hpp:107  Bound to: :5666
      d rvice\NSClient++.cpp:807  Loading plugin: NSCAClient
      d rvice\NSClient++.cpp:807  Loading plugin: NSClient server
      d r\NSClientServer.cpp:136  Allowed hosts definition: XXX.XXX.XXX.XXX(255.255.255.255)
      d de\socket/server.hpp:97   Attempting to bind to: :12489
      d de\socket/server.hpp:107  Bound to: :12489
      d rvice\NSClient++.cpp:604  NSClient++ - 0,4,1,3 2012-06-08 Started!
      l ce\simple_client.hpp:32   Enter command to inject or exit to terminate...
      d og\CheckEventLog.cpp:125  No filter matched: error Application Error: Name der Berichtskennung: %13n Moduls: %12%11: 0x%10%5, Zeitstempel: 0x%6
      
      • Message #2636

        Well, the error is with the filter:

        e og\CheckEventLog.cpp:152  Error validating filter: Invalid types: Variable not found: error
        

        Means the filter (I should probably add so it displays with cone) was not parsed. Not sure why; I can look into this when I get back home...

        • Message #2642

          Hello,

          Have you looked at this?

          thanks,

          Jörg

          • Message #2643

            Sorry, forgot; will try to check this (and the auto-lc) tonight... hopefully some news tomorrow...

        • Message #2644

          Sorry... feel almost stupid...

          it should be ...type = 'error'...

          The error is a string not a variable :)

          Michael Medin

          • Message #2648

            Hello,

            Thanks -- it works fine...

            Greetings from Germany

            Jörg
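
Added example (not part of the thread and not NSClient++ code): a heuristic Python check for the mistake resolved above, where an unquoted word on the right-hand side of a real-time eventlog filter is read as a variable (`Variable not found: error`) instead of a string. The regular expression only approximates the filter syntax, and the sample INI with its `errors_fixed` section is constructed for illustration.

```python
import configparser
import re

# Section prefix taken from the configuration posted in the thread.
FILTER_PREFIX = "/settings/eventlog/real-time/filters/"
QUOTED = re.compile(r"'[^']*'")  # single-quoted string literal
# Assumption: a comparison looks like "<name> <op> <operand>"; only a bare
# identifier on the right-hand side is reported (numbers and quotes are not).
BARE_RHS = re.compile(r"(\w+)\s*(!=|<=|>=|=|<|>)\s*([A-Za-z_]\w*)")

# Constructed sample: the failing filter from the thread next to the fix.
SAMPLE_INI = """\
[/settings/eventlog/real-time]
enabled = true
destination = NSCA

[/settings/eventlog/real-time/filters/errors]
filter = type = error
severity = CRITICAL

[/settings/eventlog/real-time/filters/errors_fixed]
filter = type = 'error'
severity = CRITICAL
"""


def lint_filters(ini_text):
    """Return (filter name, left side, bare word) for each suspicious comparison."""
    cp = configparser.ConfigParser(
        interpolation=None,   # values such as %message% are not interpolation
        delimiters=("=",),    # keep ':' inside values (addresses, syntax strings)
        strict=False,
    )
    cp.optionxform = str      # do not lower-case option names
    cp.read_string(ini_text)
    findings = []
    for section in cp.sections():
        if not section.startswith(FILTER_PREFIX):
            continue
        expr = cp.get(section, "filter", fallback="")
        # Blank out quoted literals so their contents are never inspected.
        stripped = QUOTED.sub("''", expr)
        for lhs, _op, rhs in BARE_RHS.findall(stripped):
            findings.append((section[len(FILTER_PREFIX):], lhs, rhs))
    return findings


if __name__ == "__main__":
    for name, lhs, rhs in lint_filters(SAMPLE_INI):
        print(f"{name}: '{rhs}' is unquoted, so it is parsed as a variable; "
              f"write {lhs} = '{rhs}' if a string is meant")
```

A bare word can be a legitimate variable reference, so a finding is a prompt to check the filter, not proof that it is wrong.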
