NSClient++ Help (#1) - CheckEventLog (#57) - Message List

I use NSClient with NRPE support.

The problem is with CheckEventLog.

On Win XP Pro SP2 FR, all work fine on file=application, file=System, file=Security. On Win 2K Server, all work fine like XP Pro

but on W2K3 Serv, only check on file=System and file=Security. No entries found in file=application. There is entries in !

I check the name of the evenbook , ok. I don't understand what's the problem.

Somebody have idea about this ? I need help.

Tree View Flat View (newer first) Flat View (older first)
  • Message #83

    HUmm, Try checking you have the correct name.

    on "older versions" the fallback (ie. if you check for file=WTFTHisDoesNotExist) gets you Application IIRC... I Shall in the weekend to come setup a lot of various images and try features on various OS:es so I can get back to you sometime next week...

  • Message #84

    (the fallback things is an OS "feature" and not something to do with me :)

  • Message #85

    I believe the problem can come from Rights Policies (GPO). I have tested on a W2K Server without Domain controll, juste file sharing. It works on ! But i a not sure because W$ is a black box for me. I never been a admin of W$... I prefer unix/linux.

  • Message #87

    No news for me ??

    I'm in trouble with this. I promise my boss than a could check evntlog with NSclient....

    I do not understand the problem...

  • Message #88

    I have check the source code :

    HANDLE hLog = OpenEventLog?(NULL, (*cit2).c_str()); if (hLog == NULL) {

    message = "Could not open the '" + (*cit2) + "' event log: " + error::lookup::last_error(); return NSCAPI::returnUNKNOWN; }

    So, it open the file because i get no return error. I have read the code, but i don't know this language, but I believe i understand what it does ! Nice coding, by the way ;) !

    The problem come from the filter may be. But I set the same params than with the system event book... just like this : ./check_nrpe -H -p 5666 -c CheckEventLog -a file=Application MaxWarn=1 MaxCrit=3 filter=new filter+generated=\<12h repond : Eventlog check ok|=0;1;3; But I have several entries in the eventbook application.

    The same command with file=system (plus truncate because a lot of entries) : ./check_nrpe -H -p 5666 -c CheckEventLog -a truncate=100 file=system MaxWarn=1 MaxCrit=3 filter=new filter+generated=\<12h WinHttpAutoProxySvc?, WinHttpAutoProxySvc?, Service Control Manager, Service Respond : Control Manager, Serv...|=331;1;3;

    I weill appreciate your help to solve this. Thanks a lot. Sory for my poor english.

  • Message #620

    Did you ever got this to work? I have same issue, system works fine but Application does not.

Tree View Flat View (newer first) Flat View (older first)