NSClient++ Help (#1) - Failed to read from eventlog: 1500: The event log file is corrupted. (#491) - Message List

Failed to read from eventlog: 1500: The event log file is corrupted.

Hello! I've got evenlog check $USER1$/check_nrpe -H $HOSTADDRESS$ -p 5666 -c CheckEventLog -a filter=new file="$ARG1$" MaxWarn=$ARG2$ MaxCrit=$ARG3$ filter-generated=\<2h filter-eventID=="$ARG4$" filter-eventType==$ARG5$ filter=in filter=all

with parameters:

check_nrpe_event!system!1!1!6008!error

and on one of the servers, I've got error "Failed to read from eventlog: 1500: The event log file is corrupted."

Event log is ok, not full, and new events are record there. Can u help me?

inot
01/22/10 08:08:00 (3 years ago)
Tree View Flat View (newer first) Flat View (older first)
  • Message #1536

    Could you show relevant lines from NSClient++ debug log?

    MickeM

    mickem
    01/24/10 15:38:34 (3 years ago)
    • Message #1995

      Hi MickeM,

      Hi have the same problem.

      Event log is ok, not full, and new events are record there.

      Used NSClient++ 0.3.8.75 2010-05-27 w32, on Windows Server 2003 Intel Xeon

      Check: 

      evento1069=CheckEventLog file=application file=system filter=new filter=in filter+generated=<10m filter+eventID==1069 MaxCrit=1 truncate=1023 unique

      The nsclient.log shows a lot of, 

      2010-11-16 20:16:05: error:modules\CheckEventLog\CheckEventLog.cpp:736: Failed to read from eventlog: 1500: The event log file is corrupted.
2010-11-16 20:16:11: error:modules\CheckEventLog\CheckEventLog.cpp:736: Failed to read from eventlog: 1500: The event log file is corrupted.
2010-11-16 20:17:49: error:modules\CheckEventLog\CheckEventLog.cpp:736: Failed to read from eventlog: 1500: The event log file is corrupted.
2010-11-16 20:20:07: error:modules\CheckEventLog\CheckEventLog.cpp:736: Failed to read from eventlog: 1500: The event log file is corrupted.

      And when I inject the command manually, 

      2010-11-16 18:50:48: debug:NSClient++.cpp:1106: Injecting: evento1069:
2010-11-16 18:50:48: debug:NSClient++.cpp:1106: Injecting: CheckEventLog: file=application, file=system, filter=new, filter=in, filter+generated=<10m, filter+eventID==1069, MaxCrit=1, truncate=1023, unique, descriptions, syntax=CRITICAL - Evento: %id%, %source%(%count% hits): %message%
2010-11-16 18:50:48: debug:modules\CheckEventLog\CheckEventLog.cpp:693: Using: old TODO
2010-11-16 18:50:48: debug:modules\CheckEventLog\CheckEventLog.cpp:700: Boot time: 0
2010-11-16 18:50:48: debug:modules\CheckEventLog\CheckEventLog.cpp:484: Attempting to match: Application with application
2010-11-16 18:50:48: debug:modules\CheckEventLog\CheckEventLog.cpp:484: Attempting to match: Security with application
2010-11-16 18:50:48: debug:modules\CheckEventLog\CheckEventLog.cpp:484: Attempting to match: System with application
2010-11-16 18:50:51: error:modules\CheckEventLog\CheckEventLog.cpp:736: Failed to read from eventlog: 1500: The event log file is corrupted.
2010-11-16 18:50:51: debug:NSClient++.cpp:1142: Injected Result: WARNING 'Failed to read from eventlog: 1500: The event log file is corrupted.  '
2010-11-16 18:50:51: debug:NSClient++.cpp:1143: Injected Performance Result: ''
2010-11-16 18:50:51: debug:NSClient++.cpp:1142: Injected Result: WARNING 'Failed to read from eventlog: 1500: The event log file is corrupted.  '
2010-11-16 18:50:51: debug:NSClient++.cpp:1143: Injected Performance Result: ''
2010-11-16 18:51:00: debug:NSClient++.cpp:1106: Injecting: evento1069:
2010-11-16 18:51:00: debug:NSClient++.cpp:1106: Injecting: CheckEventLog: file=application, file=system, filter=new, filter=in, filter+generated=<10m, filter+eventID==1069, MaxCrit=1, truncate=1023, unique, descriptions, syntax=CRITICAL - Evento: %id%, %source%(%count% hits): %message%
2010-11-16 18:51:00: debug:modules\CheckEventLog\CheckEventLog.cpp:693: Using: old TODO
2010-11-16 18:51:00: debug:modules\CheckEventLog\CheckEventLog.cpp:700: Boot time: 0
2010-11-16 18:51:00: debug:modules\CheckEventLog\CheckEventLog.cpp:484: Attempting to match: Application with application
2010-11-16 18:51:00: debug:modules\CheckEventLog\CheckEventLog.cpp:484: Attempting to match: Security with application
2010-11-16 18:51:00: debug:modules\CheckEventLog\CheckEventLog.cpp:484: Attempting to match: System with application

      Would this helpful to identify the problem?

      Best regards.

      deisecairo
      11/17/10 23:33:57 (3 years ago)
      • Message #2015

        The error according to Microsoft (goggling for ERROR_EVENTLOG_FILE_CORRUPT which is the error) the resolution seems to be to clear the eventlog. Not sure if that is the cause but it could be worth pursuing in a test environment just to see if it is a problem with the eventlog or not.

        Michael Medin

        mickem
        12/14/10 07:20:10 (2 years ago)
        • Message #2021

          Hi MickeM,

          The problem seems to be solved, so I think the solution was in claer de server's eventlog.

          Thanks for the very nice assists.

          deisecairo
          12/28/10 04:57:57 (2 years ago)
Tree View Flat View (newer first) Flat View (older first)

Subscriptions