NSClient++ Help (#1) - I can't seem to understand combining two eventType filters (CheckEventLog) (#857) - Message List

I can't seem to understand combining two eventType filters (CheckEventLog)

Hello,

I seem to be having trouble combining two severity levels: 

CheckEventLog -a truncate=1023 MaxWarn=1 MaxCrit=1 file='DFS Replication' filter=in "filter.eventSource='DFS Replication'" "filter.eventSource='DFSR'" "filter+eventType==error" "filter+eventType==warning" "filter+generated=\<5m" descriptions unique syntax='%message%'

It's true that if i use filter+eventType it should be a requirement since: 

+ is AND
. is OR
- is NOT AND

(http://www.nsclient.org/nscp/wiki/CheckEventLog/CheckEventLog/old#Filtermodes)

In order to watch error and warning eventTypes, what should the syntax look like?

The following combos don't work:

"filter.eventType==error" followed by "filter+eventType==warning"

"filter.eventType==error" "filter.eventType==warning" followed by "filter-eventType==information"

I still receive critical when eventType = information.

Thanks,

Matt

mbrownnyc
09/08/11 22:06:56 (21 months ago)
Tree View Flat View (newer first) Flat View (older first)
  • Message #2310

    After thoroughly reviewing documentation and finding my typo (information != info)...

    As a work around I have included all events of NOT eventtype 'info': 

    CheckEventLog -a truncate=1023 MaxWarn=1 MaxCrit=1 file='DFS Replication' filter=in "filter.eventSource='DFS Replication'" "filter.eventSource='DFSR'" "filter+eventType=<>info" "filter+generated=<5m" descriptions unique syntax='%message%'

    This still doesn't explain on how to include multiples of the same filter.

    Help me Michael... you're my only hope.

    mbrownnyc
    09/09/11 17:54:03 (21 months ago)
Tree View Flat View (newer first) Flat View (older first)

Subscriptions