NSClient++ Help (#1) - Problem setting up CheckEventLog (#138) - Message List

Problem setting up CheckEventLog

I had just downloaded check_nrpe and compiled it on my Linux box and have NSCleint++ installed and working on my Windows 2k3 server. My boss wants to Nagios to watch the Event Logs.

On my Windows box I edited the NSC.ini to have the following

allow_nasty_meta_chars=1 check_eventlog=inject CheckEventLog Application warn.require.eventType=error warn.require.eventType=warning critical.require.eventType=error

To test on my Linux box I put in check_nrpe -H 192.168.194.10 -p 5666 -c checkEventLog -a filter=new file=system file=application MaxWarn=1 MaxCrit=1 filter-generated=>2d filter-eventSource=substr:Service filter-eventSource=substr:Tcpip

I get nothing back. I know there has to be something in there that is wrong.

Any ideas?

Asok
04/30/08 19:21:05 (5 years ago)
Tree View Flat View (newer first) Flat View (older first)
  • Message #372

    I think I got most of it figured out but when I run

    ./check_nrpe -H 192.168.194.240 -c CheckEventLog -a file=Application -a file=system MaxWarn=1 MaxCrit=2 filter-eventID==1000 filter-generated=\<2h

    I get: Eventlog check ok|=0;1;2; and Nagios has no clue what to do with it. Any ideas?

    Asok
    05/05/08 21:30:41 (5 years ago)
    • Message #379

      when you have problem with the eventlog do the following:

      1. enable full descriptions

      descriptions syntax=%message% (feel free to add more %stuff%)

      1. enable debug 
        [eventlog]
debug=true
      1. run nsclient++ /test (and check the output) and/or read the log

      Hopefully this helps, if not let me know...

      MickeM

      mickem
      05/08/08 11:38:09 (5 years ago)
      • Message #393

        Thanks for the info. I edited my NSC.ini and found

        [log] debug=1 I have not found [eventlog]

        But when I run nsclient++ /test on my cleint and then run my commond on my Nagios server, I see the same error on both. The lets me think my Nagios server is talking to the client.

        Where are the other logs that I need to look at?

        Thanks, Asok

        Asok
        05/09/08 18:41:24 (5 years ago)
        • Message #394

          uhmm... dont use the debug option when you are not debugging it loads the log system *a lot*.

          Anyways, to read the output either run nsclient++ in testmode /nsclient++ /test) or enable debug logging and check the nsc.log file.

          MickeM

          anonymous
          05/10/08 09:36:53 (5 years ago)
          • Message #397

            I have searched my Windows and Linux box for the file ncs.log and did not find it. I did find nsclient.log on my windows box. It has it it: 

            2008-05-12 10:37:19: message:.\FileLogger.cpp:58: Starting to log for: NSClient++ - 0.3.1.14 2008-03-12
2008-05-12 10:37:19: debug:.\PDHCollector.cpp:122: Found countername: CPU:    \Processor(_total)\% Processor Time
2008-05-12 10:37:19: debug:.\NSClient++.cpp:401: Loading plugin: NRPE server...
2008-05-12 10:37:19: debug:.\PDHCollector.cpp:123: Found countername: UPTIME: \System\System Up Time
2008-05-12 10:37:19: debug:.\NSClient++.cpp:401: Loading plugin: NSClient server...
2008-05-12 10:37:19: debug:d:\Documents and Settings\mickem\Mina dokument\Visual Studio 2005\Projects\NSCP\trunk\include\Socket.h:627: Bound to: 0.0.0.0:5666
2008-05-12 10:37:19: debug:.\PDHCollector.cpp:124: Found countername: MCL:    \Memory\Commit Limit
2008-05-12 10:37:19: debug:d:\Documents and Settings\mickem\Mina dokument\Visual Studio 2005\Projects\NSCP\trunk\include\Socket.h:627: Bound to: 0.0.0.0:1248
2008-05-12 10:37:19: debug:.\NSClient++.cpp:401: Loading plugin: SystemTray...
2008-05-12 10:37:19: debug:.\PDHCollector.cpp:125: Found countername: MCB:    \Memory\Committed Bytes
2008-05-12 10:37:19: message:.\NSClient++.cpp:136: Using settings from: INI-file
2008-05-12 10:37:19: message:.\NSClient++.cpp:137: Enter command to inject or exit to terminate...
2008-05-12 10:37:28: debug:.\NSClient++.cpp:516: Injecting: CheckEventLog: file=system, MaxWarn=1, MaxCrit=2, filter-eventID==1000, filter-generated=<2h, descriptions, syntax=%stuff%
2008-05-12 10:37:28: debug:.\CheckEventLog.cpp:607: Result: %stuff%, %stuff%, %stuff%, %stuff%, %stuff%, %stuff%, %stuff%, : 7 > critical
2008-05-12 10:37:28: debug:.\NSClient++.cpp:536: Injected Result: CRITICAL '%stuff%, %stuff%, %stuff%, %stuff%, %stuff%, %stuff%, %stuff%, : 7 > critical'
2008-05-12 10:37:28: debug:.\NSClient++.cpp:537: Injected Performance Result: '''=7;1;2; '

            Which is what I keep getting. What am I missing?

            Asok
            05/12/08 16:50:57 (5 years ago)
  • Message #613

    I am not sure this thread still alive. Can you post the configuration in client side and server side ?

    anonymous
    08/06/08 18:32:48 (5 years ago)
Tree View Flat View (newer first) Flat View (older first)

Subscriptions