NSClient++ Help (#1) - CheckEventLog (#57) - Message List
I use NSClient with NRPE support.
The problem is with CheckEventLog.
On Win XP Pro SP2 FR, all work fine on file=application, file=System, file=Security. On Win 2K Server, all work fine like XP Pro
but on W2K3 Serv, only check on file=System and file=Security. No entries found in file=application. There is entries in !
I check the name of the evenbook , ok. I don't understand what's the problem.
Somebody have idea about this ? I need help.
-
Message #83
HUmm, Try checking you have the correct name.
on "older versions" the fallback (ie. if you check for file=WTFTHisDoesNotExist) gets you Application IIRC... I Shall in the weekend to come setup a lot of various images and try features on various OS:es so I can get back to you sometime next week...
mickem11/09/07 08:57:32 (6 years ago)-
Message #84
(the fallback things is an OS "feature" and not something to do with me :)
mickem11/09/07 08:58:05 (6 years ago)-
Message #85
I believe the problem can come from Rights Policies (GPO). I have tested on a W2K Server without Domain controll, juste file sharing. It works on ! But i a not sure because W$ is a black box for me. I never been a admin of W$... I prefer unix/linux.
Denis Proxy11/13/07 14:58:42 (6 years ago)-
Message #87
No news for me ??
I'm in trouble with this. I promise my boss than a could check evntlog with NSclient....
I do not understand the problem...
Denis Proxy11/16/07 18:19:27 (6 years ago)-
Message #88
I have check the source code :
HANDLE hLog = OpenEventLog?(NULL, (*cit2).c_str()); if (hLog == NULL) {
message = "Could not open the '" + (*cit2) + "' event log: " + error::lookup::last_error(); return NSCAPI::returnUNKNOWN; }
So, it open the file because i get no return error. I have read the code, but i don't know this language, but I believe i understand what it does ! Nice coding, by the way ;) !
The problem come from the filter may be. But I set the same params than with the system event book... just like this : ./check_nrpe -H 192.168.110.80 -p 5666 -c CheckEventLog -a file=Application MaxWarn=1 MaxCrit=3 filter=new filter+generated=\<12h repond : Eventlog check ok|=0;1;3; But I have several entries in the eventbook application.
The same command with file=system (plus truncate because a lot of entries) : ./check_nrpe -H 192.101.101.80 -p 5666 -c CheckEventLog -a truncate=100 file=system MaxWarn=1 MaxCrit=3 filter=new filter+generated=\<12h WinHttpAutoProxySvc?, WinHttpAutoProxySvc?, Service Control Manager, Service Respond : Control Manager, Serv...|=331;1;3;
I weill appreciate your help to solve this. Thanks a lot. Sory for my poor english.
Denis Proxy11/16/07 18:49:43 (6 years ago)
-
-
-
-
