NSClient++ Help (#1) - NSClient++ - EventLog? - Problem: "failed to load: .....DLL" (#454) - Message List
Hi zusammen,
Ich habe extrem Mühe das EventLog? der Win2k3 - Server aussagekräftig auszulesen. Habe dies mit Shipways Eventlogger versucht, doch bin da auf Probleme gestossen und versuchs nun mit NSClient++ CheckEventLog:
Dies soll später über NSCA laufen, doch zu Testzwecken vorerst über NRPE:
command[WinEventLog?]=inject CheckEventLog file=application filter=new filter=out MaxCrit=1 filter-generated=>5m truncate=780 unique descriptions syntax=Application[%type%]_(%source%:%id%)_(%written%)%message%
das %message% soll ja die Description wie im EventLog? selbst bringen. Da erhalte ich jedochnun die FM:
failed to load: C:\Program Files (x86)\nPaarOrdner\FALogMsg.DLL( reson: 193
die paar Ordner sind 5 an der Zahl. Sollte aber wohl keine Rolle spielen. Die Infos zu dieser DLL-Datei wird wohl irgendwie aus dem Eventlog gelesen, doch sehe ich nicht warum es diesen Fehler gibt. Ohne Beschreibung bringt es mir leider auch nix wenn die Meldung gesendet wird...
Kann mir sonst jmd n gutes Script verraten um Warnings und Errors aus EventLog? zu lesen?
Besten Dank für eure Hilfe...
-
Message #1421
Please don't take this the wrong way... but I am wondering a bit how you were thinking...
You are on an English site, with English text, for a program in English, with English documentation and English source code with English comments. On the site you find an English wiki, with English articles, English guides, and English videos. It features and English forum with English forum posts and... and, and, and... you ask a question in German?
Ich spreche nicht Deutsch :)
But I do speak English... pretty well...
BTW, since I assume you are from German, feel free to bump into me at the netways conference in nuremberg next month... After a few beers I can usually understand German :P
Michael Medin
mickem09/11/09 17:27:43 (4 years ago) -
Message #1422
Well I'll translate it ;-)
Thought because of the huge german nagios community to get an answer too :-)
I have big troubles getting a pretty working plugin for filtering the event log on windows server 2003. I tried shipways event logger but didn't really succeed..
That's why I'm trying out NSClient+++. I'll use the NSCA daemon later, but for checking out the configuration I'm working with NRPE at the moment. But doesn't make a difference.
My command: command[WinEventLog??]=inject CheckEventLog file=application filter=new filter=out MaxCrit=1 filter-generated=>5m truncate=780 unique descriptions syntax=Application[%type%]_(%source%:%id%)_(%written%)%message%
The %message% should get me the EventLog? description, but I often get an error:
failed to load: C:\Program Files (x86)\someFolders\FALogMsg.DLL( reson: 193
"some folders" means about 5 folders, but should be the problem. the information about the path to these dll's is somewhere in the eventlog I guess. Now I have these errors, but I really need the description, otherwise the notifications aren't that helpful.
..or does any of you have an other well working tool?
thanks for your help.
@Michael: Only translated because of your health, wouldn't be that good drinking a lot of beer to support me :-)
djsumse09/11/09 20:55:58 (4 years ago) -
Message #1430
I installed the latest nightly but there's still the same error with the dll-path...
on my win xp it runs properly, but unfortunately not on win 2k3 server.
djsumse09/15/09 10:35:58 (4 years ago) -
Message #1431
Depending on the exact issue you are having my guess would be that the evenlog providers are invalid (as in registred incorrect).
Does the messages get rendered properly in windows event viewer?
ANd if so could you export (and or copy) the registry entries for this so I can see if I can add support for it.
The "data" (ie. where the logfile is located) comes from:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\<log file name>\<provider identifier>\*
So try to find the "provider" in question and see what the registry keys say: Usually something like:
EventMessageFile=%SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\Drivers\acpiec.sys
I can on my end lookup exactly how I extract the info.
Michael Medin
mickem09/15/09 10:57:08 (4 years ago) -
Message #1432
I'll have a look in the afternoon.. I got it now work on Win 2k3 Server 32bit without problems.
So it seems to be a problem of 64bit or there are any special things on our server..
....afternoon is coming soon :-)
djsumse09/15/09 11:09:26 (4 years ago) -
Message #1433
OK, I found the path. All right.
I tried copying the path and pasted into the browser, then windows asked about opening the dll. The path is OK.
There has to be an other problem...
There's something strange: (%type%)
Windows Event Log says: Type:None an your Script: Type:256
So I have a problem filtering.. In fact it appears as an Information in Windows Computer Management. But if the single event is opened, there Type:None.
Source, EventID, date and time (%generated%) are all correct.
djsumse09/15/09 13:29:13 (4 years ago) -
Message #1434
...there are some %messages% working.. but not the important ones :-)
for the source MsiInstaller? the same problem:
MsiInstaller?(#1013) (Tuesday, September 15, 2009 10:02:53) failed to load: C:\WINDOWS\SysWOW64\msi.dll( reson: 193
djsumse09/15/09 13:55:56 (4 years ago) -
Message #1435
Humm...
An interesting thing is that it is under SysWOW64 which means it is a 32-bit DLL living in a 64-bit "world". I am to be honest not sure how windows (and thus I) handle that.
And since I am "working away from home" this week I wont have time to investigate it till I get home (weekend). But it sounds reasonable that maybe 32bit dlls wont load properly from w64?
I shall have to investigate it...
Michael Medin
mickem09/15/09 18:49:34 (4 years ago) -
Message #1436
Well but the Windows Event Log shows me a description... Means that WIN can handle it anyway...
Hope you'll find a way :-)
djsumse09/16/09 11:30:22 (4 years ago)
