NSClient++ Help (#1) - CheckEventlog? always ok (#142) - Message List
CheckEventlog? always ok
Hello,
we having trouble setting up the CheckEventLog on an Windows Server 2003 (NSClient++ 0.3.12)
Here is the Testcommand:
./check_nrpe -H JCHBACKUP02 -p 5667 -c CheckEventLog -a filter=new file=application MaxWarn=1 MaxCrit=3 filter+generated=\<24h filter+eventID==1027 filter=in filter=all truncate=10
Here is the Output:
Eventlog check ok|=0;1;1;
The Command still work but we get always an ok even Errors are present.
thx lordelric
lordelric
05/06/08 11:26:34 (5 years ago)
-
Message #382
try adding debug and see what you get. looks ok on cursory glance, but eventlog checking is a bit hard to setup.
debug: (nsc.ini)
[eventlog] debug=1
(lots of output so check from console (ie. nsclient++ /test) and dont use in production :)
MickeM
mickem05/08/08 11:48:57 (5 years ago)-
Message #388
/usr/local/nagios/libexec/check_nrpe -H JCHBACKUP02 -p 5667 -c CheckEventLog -a filter=new file=application MaxWarn=1 MaxCrit=1 filter+generated=\<24h filter+eventID==1027 filter=in filter=all truncate=10 Eventlog check ok|''=0;1;1; /usr/local/nagios/libexec/check_nrpe -H JCHBACKUP02 -p 5667 -c CheckEventLog -a filter=new file=application MaxWarn=1 MaxCrit=1 filter+generated=\<24h filter+eventID==1048 filter=in filter=all truncate=1024 Eventlog check ok|''=0;1;1; /usr/local/nagios/libexec/check_nrpe -H JCHBACKUP02 -p 5667 -c CheckEventLog -a filter=new file=system MaxWarn=1 MaxCrit=1 filter+generated=\<24h filter+eventID==1111 filter=in filter=all truncate=1024 TermServDevices, TermServDevices, TermServDevices, TermServDevices, TermServDevices, TermServDevices, TermServDevices, TermServDevices, TermServDevices, TermServDevices, TermServDevices, TermServDevices, TermServDevices, TermServDevices, TermServDevices, TermServDevices, : 16 > critical|''=16;1;1;
if you see when i check the system log i get an output that seem ok on the application log not.
here is the debug log:
2008-05-08 14:08:05: debug:.\NSClient++.cpp:516: Injecting: CheckEventLog: filter=new, file=application, MaxWarn=1, MaxCrit=1, filter+generated=<24h, filter+eventID==1027, filter=in, filter=all, truncate=10 2008-05-08 14:08:05: debug:.\CheckEventLog.cpp:607: Result: Eventlog check ok 2008-05-08 14:08:05: debug:.\NSClient++.cpp:536: Injected Result: OK 'Eventlog check ok' 2008-05-08 14:08:05: debug:.\NSClient++.cpp:537: Injected Performance Result: '''=0;1;1; ' 2008-05-08 14:10:00: debug:.\NSClient++.cpp:516: Injecting: CheckEventLog: filter=new, file=application, MaxWarn=1, MaxCrit=1, filter+generated=<24h, filter+eventID==1048, filter=in, filter=all, truncate=10 2008-05-08 14:10:00: debug:.\CheckEventLog.cpp:607: Result: Eventlog check ok 2008-05-08 14:10:00: debug:.\NSClient++.cpp:536: Injected Result: OK 'Eventlog check ok' 2008-05-08 14:10:00: debug:.\NSClient++.cpp:537: Injected Performance Result: '''=0;1;1; ' 2008-05-08 14:10:54: debug:.\NSClient++.cpp:516: Injecting: CheckEventLog: filter=new, file=application, MaxWarn=1, MaxCrit=1, filter+generated=<24h, filter+eventID==1048, filter=in, filter=all, truncate=1024 2008-05-08 14:10:54: debug:.\CheckEventLog.cpp:607: Result: Eventlog check ok 2008-05-08 14:10:54: debug:.\NSClient++.cpp:536: Injected Result: OK 'Eventlog check ok' 2008-05-08 14:10:54: debug:.\NSClient++.cpp:537: Injected Performance Result: '''=0;1;1; ' 2008-05-08 14:11:39: debug:.\NSClient++.cpp:516: Injecting: CheckEventLog: filter=new, file=system, MaxWarn=1, MaxCrit=1, filter+generated=<24h, filter+eventID==1111, filter=in, filter=all, truncate=1024 2008-05-08 14:11:41: debug:.\CheckEventLog.cpp:607: Result: TermServDevices, TermServDevices, TermServDevices, TermServDevices, TermServDevices, TermServDevices, TermServDevices, TermServDevices, TermServDevices, TermServDevices, TermServDevices, TermServDevices, TermServDevices, TermServDevices, TermServDevices, TermServDevices, : 16 > critical 2008-05-08 14:11:41: debug:.\NSClient++.cpp:536: Injected Result: CRITICAL 'TermServDevices, TermServDevices, TermServDevices, TermServDevices, TermServDevices, TermServDevices, TermServDevices, TermServDevices, TermServDevices, TermServDevices, TermServDevices, TermServDevices, TermServDevices, TermServDevices, TermServDevices, TermServDevices, : 16 > critical' 2008-05-08 14:11:41: debug:.\NSClient++.cpp:537: Injected Performance Result: '''=16;1;1; '
thanks elric
lordelric05/08/08 14:14:16 (5 years ago)
-
